Skip to main content

Rax120v2 Firmware

6 CVEs product

Monthly

CVE-2022-40620 HIGH POC This Week

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH]

Netgear TLS R6230 Firmware Rax120 Firmware R8900 Firmware +7
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2022-40619 HIGH POC This Week

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH]

Netgear Command Injection R7000 Firmware Xr300 Firmware R6230 Firmware +7
NVD
CVSS 3.1
7.7
EPSS
0.8%
CVE-2021-45642 HIGH PATCH This Week

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Netgear Information Disclosure D7800 Firmware Ex6250 Firmware Ex7700 Firmware +26
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-45619 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Ex6250 Firmware Ex7700 Firmware Ex8000 Firmware +39
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-45603 MEDIUM PATCH This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure D7800 Firmware Ex2700 Firmware Wn3000Rpv2 Firmware +15
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-45602 HIGH PATCH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Netgear Command Injection D7800 Firmware Ex2700 Firmware Wn3000Rpv2 Firmware +15
NVD
CVSS 3.1
7.8
EPSS
0.7%
EPSS 0% CVSS 7.7
HIGH POC This Week

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH]

Netgear TLS R6230 Firmware +9
NVD
EPSS 1% CVSS 7.7
HIGH POC This Week

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH]

Netgear Command Injection R7000 Firmware +9
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Netgear Information Disclosure D7800 Firmware +28
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Ex6250 Firmware +41
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure D7800 Firmware +17
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Netgear Command Injection D7800 Firmware +17
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy