Rax38 Firmware

rax38_firmware

Vendor: Netgear • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-27358 1Netgear 5Rax30 Firmware Rax35 FirmwareRax38 Firmware+2 more Jan 9, 2025 May 3, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authenticat...Show more NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.Show less
CVE-2022-27647 1Netgear 33Cax80 Firmware Lax20 FirmwareMr60 Firmware+30 more Nov 21, 2024 Mar 29, 2023 N/A· v4 8.0 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, th...Show more This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.Show less
CVE-2022-27645 1Netgear 23Lax20 Firmware R6400 FirmwareR6700 Firmware+20 more Nov 21, 2024 Mar 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists w...Show more This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.Show less
CVE-2022-27642 1Netgear 33Cax80 Firmware Lax20 FirmwareMr60 Firmware+30 more Nov 21, 2024 Mar 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The spec...Show more This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.Show less
CVE-2021-45493 1Netgear 3Rax35 Firmware Rax38 FirmwareRax40 Firmware Nov 21, 2024 Dec 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.
CVE-2021-41449 1Netgear 3Rax35 Firmware Rax38 FirmwareRax40 Firmware Nov 21, 2024 Dec 9, 2021 N/A· v4 7.1 HIGH· v3 3.6 LOW· v2 A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files...Show more A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.Show less
CVE-2021-38526 1Netgear 3Rax35 Firmware Rax38 FirmwareRax40 Firmware Nov 21, 2024 Aug 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.