Skip to main content

R6850 Firmware

22 CVEs product

Monthly

CVE-2025-12942 MEDIUM Monitor

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to. Rated medium severity (CVSS 4.8). No vendor patch available.

Information Disclosure Netgear R6260 Firmware R6850 Firmware
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2024-30572 HIGH POC This Week

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2024-30571 HIGH POC THREAT This Week

An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
13.8%
CVE-2024-30570 MEDIUM POC This Month

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-30569 HIGH POC This Week

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-30568 CRITICAL POC THREAT Act Now

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
47.2%
CVE-2021-45675 MEDIUM PATCH This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Netgear XSS R6120 Firmware R6260 Firmware R6850 Firmware +12
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2021-45672 MEDIUM PATCH This Month

Certain NETGEAR devices are affected by Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +17
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-45647 HIGH PATCH This Week

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Eax80 Firmware Ex7000 Firmware R6120 Firmware +31
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-45644 CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear Information Disclosure Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-45534 HIGH PATCH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Netgear Command Injection Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +14
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-45511 CRITICAL POC PATCH THREAT Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear Authentication Bypass Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +14
NVD
CVSS 3.1
9.8
EPSS
17.6%
CVE-2021-45501 CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear Authentication Bypass Ac2400 Firmware Ac2600 Firmware D7000 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-38537 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +15
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-38536 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +16
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38535 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +16
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38516 CRITICAL Act Now

Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure D6220 Firmware D6400 Firmware D7000 Firmware +56
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-29068 HIGH This Week

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear R6700 Firmware R6400 Firmware R7000 Firmware +77
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-35800 CRITICAL Act Now

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +124
NVD
CVSS 3.1
9.4
EPSS
1.9%
CVE-2020-35795 CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +74
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-17409 MEDIUM PATCH This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Netgear Information Disclosure R6020 Firmware R6080 Firmware R6120 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-13245 MEDIUM POC This Month

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Information Disclosure R6120 Firmware R6220 Firmware R6350 Firmware +11
NVD
CVSS 3.1
5.9
EPSS
0.5%
EPSS 0% CVSS 4.8
MEDIUM Monitor

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to. Rated medium severity (CVSS 4.8). No vendor patch available.

Information Disclosure Netgear R6260 Firmware +1
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear R6850 Firmware
NVD GitHub
EPSS 14% CVSS 7.5
HIGH POC THREAT This Week

An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
EPSS 47% CVSS 9.8
CRITICAL POC THREAT Act Now

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE +2
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Netgear XSS R6120 Firmware +14
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Certain NETGEAR devices are affected by Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Netgear XSS D6200 Firmware +19
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Eax80 Firmware +33
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear Information Disclosure Ac2100 Firmware +15
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Netgear Command Injection Ac2100 Firmware +16
NVD
EPSS 18% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear Authentication Bypass Ac2100 Firmware +16
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear Authentication Bypass Ac2400 Firmware +18
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware +17
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware +18
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware +18
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by lack of access control at the function level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure D6220 Firmware +58
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear R6700 Firmware +79
NVD
EPSS 2% CVSS 9.4
CRITICAL Act Now

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Ac2100 Firmware +126
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Ac2100 Firmware +76
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Netgear Information Disclosure R6020 Firmware +10
NVD
EPSS 0% CVSS 5.9
MEDIUM POC This Month

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Information Disclosure R6120 Firmware +13
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy