|
Security Vulnerabilities
(CVSS score between 5 and 5.99)
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
14451 |
CVE-2017-18916 |
732 |
|
|
2020-06-19 |
2020-06-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction. |
14452 |
CVE-2017-18914 |
754 |
|
|
2020-06-19 |
2020-06-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist. |
14453 |
CVE-2017-18905 |
613 |
|
|
2020-06-19 |
2020-06-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. |
14454 |
CVE-2017-18903 |
352 |
|
CSRF |
2020-06-19 |
2020-06-25 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. |
14455 |
CVE-2017-18902 |
200 |
|
+Info |
2020-06-19 |
2020-06-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints. |
14456 |
CVE-2017-18901 |
200 |
|
+Info |
2020-06-19 |
2020-06-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document. |
14457 |
CVE-2017-18899 |
770 |
|
|
2020-06-19 |
2020-06-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting. |
14458 |
CVE-2017-18898 |
404 |
|
|
2020-06-19 |
2020-06-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang. |
14459 |
CVE-2017-18897 |
601 |
|
|
2020-06-19 |
2020-06-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. |
14460 |
CVE-2017-18896 |
732 |
|
|
2020-06-19 |
2020-06-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint. |
14461 |
CVE-2017-18895 |
200 |
|
+Info |
2020-06-19 |
2020-06-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint. |
14462 |
CVE-2017-18894 |
732 |
|
Bypass |
2020-06-19 |
2020-06-26 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover. |
14463 |
CVE-2017-18891 |
601 |
|
|
2020-06-19 |
2020-06-29 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link. |
14464 |
CVE-2017-18887 |
200 |
|
+Info |
2020-06-19 |
2020-06-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members. |
14465 |
CVE-2017-18884 |
269 |
|
+Priv |
2020-06-19 |
2020-06-30 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens. |
14466 |
CVE-2017-18874 |
22 |
|
Dir. Trav. |
2020-06-19 |
2020-06-29 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal. |
14467 |
CVE-2017-18873 |
20 |
|
DoS |
2020-06-19 |
2020-06-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post. |
14468 |
CVE-2017-18871 |
|
|
DoS |
2020-06-19 |
2020-06-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name. |
14469 |
CVE-2017-18868 |
276 |
|
|
2020-05-21 |
2020-05-22 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. |
14470 |
CVE-2017-18865 |
787 |
|
Overflow |
2020-05-05 |
2020-05-06 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104. |
14471 |
CVE-2017-18864 |
120 |
|
Overflow |
2020-05-05 |
2020-05-08 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 before 1.0.0.54, R7900 before 1.0.1.18, R8300 before 1.0.2.104, and R8500 before 1.0.2.104. |
14472 |
CVE-2017-18859 |
|
|
|
2020-04-28 |
2020-05-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Certain NETGEAR devices are affected by slowdown/stoppage. This affects C6300 before 2017-05-30, CM400 before 2017-05-30, CM700 before 2017-05-30, and CMD31T before 2017-05-30. |
14473 |
CVE-2017-18853 |
200 |
|
Bypass +Info |
2020-04-29 |
2020-05-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Certain NETGEAR devices are affected by password recovery and file access. This affects D8500 1.0.3.27 and earlier, DGN2200v4 1.0.0.82 and earlier, R6300v2 1.0.4.06 and earlier, R6400 1.0.1.20 and earlier, R6400v2 1.0.2.18 and earlier, R6700 1.0.1.22 and earlier, R6900 1.0.1.20 and earlier, R7000 1.0.7.10 and earlier, R7000P 1.0.0.58 and earlier, R7100LG 1.0.0.28 and earlier, R7300DST 1.0.0.52 and earlier, R7900 1.0.1.12 and earlier, R8000 1.0.3.46 and earlier, R8300 1.0.2.86 and earlier, R8500 1.0.2.86 and earlier, WNDR3400v3 1.0.1.8 and earlier, and WNDR4500v2 1.0.0.62 and earlier. |
14474 |
CVE-2017-18799 |
20 |
|
|
2020-04-21 |
2020-04-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6200v2 before 1.0.3.14, R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.1.1.20, R7000 before 1.0.7.10, R7000P/R6900P before 1.0.0.56, R7100LG before 1.0.0.30, R7900 before 1.0.1.14, R8000 before 1.0.3.22, R8500 before 1.0.2.74, and D8500 before 1.0.3.28. |
14475 |
CVE-2017-18772 |
287 |
|
Bypass |
2020-04-22 |
2020-04-24 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, R8500 before 1.0.2.74, and WNR2000v2 before 1.2.0.8. |
14476 |
CVE-2017-18770 |
120 |
|
Overflow |
2020-04-22 |
2020-04-23 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7800 before 1.0.2.36, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14. |
14477 |
CVE-2017-18767 |
74 |
|
|
2020-04-22 |
2020-04-24 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.34, D8500 before 1.0.3.39, R6400 before 1.0.1.14, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300 before 1.0.0.56, R7800 before 1.0.2.36, R7900 before 1.0.2.10, R8000 before 1.0.3.24, R8300 before 1.0.2.74, and R8500 before 1.0.2.74. |
14478 |
CVE-2017-18764 |
74 |
|
|
2020-04-22 |
2020-04-24 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6100 before 1.0.1.14, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WNDR3700v4 before 1.0.2.88, WNDR3700v5 before 1.1.0.48, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.58, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. |
14479 |
CVE-2017-18762 |
74 |
|
|
2020-04-22 |
2020-04-24 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6100 before 1.0.0.57, R6100 before 1.0.1.16, R6900P before 1.2.0.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R7100LG before 1.0.0.40, WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. |
14480 |
CVE-2017-18761 |
787 |
|
Overflow |
2020-04-22 |
2020-04-24 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buffer overflow by an authenticated user. |
14481 |
CVE-2017-18759 |
787 |
|
Overflow |
2020-04-22 |
2020-04-24 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8300 before 1.0.2.104 and R8500 before 1.0.2.104. |
14482 |
CVE-2017-18758 |
787 |
|
Overflow |
2020-04-22 |
2020-04-24 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. |
14483 |
CVE-2017-18756 |
|
|
|
2020-04-22 |
2020-04-27 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.66, D8500 before 1.0.3.35, DGN2200Bv4 before 1.0.0.94, DGN2200v4 before 1.0.0.94, R6250 before 1.0.4.14, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.30, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7900 before 1.0.2.4, R8000 before 1.0.4.2, WN2500RPv2 before 1.0.1.50, WNDR3400v3 before 1.0.1.14, and WNDR4000 before 1.0.2.10. |
14484 |
CVE-2017-18754 |
74 |
|
|
2020-04-22 |
2020-04-24 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WNDR3700v4 before 1.0.2.88, WNDR4300v1 before 1.0.2.90, and WNR2000v5 before 1.0.0.58. |
14485 |
CVE-2017-18751 |
787 |
|
Overflow |
2020-04-23 |
2020-04-27 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48. |
14486 |
CVE-2017-18750 |
787 |
|
Overflow |
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. |
14487 |
CVE-2017-18748 |
|
|
|
2020-04-23 |
2020-04-28 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX6200v2 before 1.0.1.44, R6100 before 1.0.1.12, R7500 before 1.0.0.108, R7500v2 before 1.0.3.10, R7800 before 1.0.2.28, R9000 before 1.0.2.30, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48. |
14488 |
CVE-2017-18744 |
120 |
|
Overflow |
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74. |
14489 |
CVE-2017-18743 |
287 |
|
Bypass |
2020-04-23 |
2020-04-27 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 before 1.0.2.94, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.12, and WNR3500Lv2 before 1.2.0.40. |
14490 |
CVE-2017-18740 |
|
|
|
2020-04-23 |
2020-04-27 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.61, D6000 before 1.0.0.61, D6100 before 1.0.0.55, D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.40, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. |
14491 |
CVE-2017-18739 |
120 |
|
Overflow |
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6220 before V1.1.0.50, R7800 before V1.0.2.36, WNDR3400v3 before 1.0.1.14, and WNDR3700v5 before V1.1.0.48. |
14492 |
CVE-2017-18738 |
787 |
|
Overflow |
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2.0.22, R7100LG before 1.0.0.32, R7300DST before 1.0.0.54, R7900 before 1.0.1.18, R8000 before 1.0.3.48, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R6100 before 1.0.1.16, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.58. |
14493 |
CVE-2017-18737 |
74 |
|
|
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. |
14494 |
CVE-2017-18736 |
74 |
|
|
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, and WNDR3700v5 before 1.1.0.48. |
14495 |
CVE-2017-18735 |
74 |
|
|
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JR6150 before 1.0.1.10, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, and R6900v2 before 1.2.0.4. |
14496 |
CVE-2017-18734 |
74 |
|
|
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. |
14497 |
CVE-2017-18733 |
287 |
|
Bypass |
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 before 1.0.2.100. |
14498 |
CVE-2017-18732 |
287 |
|
Bypass |
2020-04-23 |
2020-04-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, PLW1000v2 before 1.0.0.14, and PLW1010v2 before 1.0.0.14. |
14499 |
CVE-2017-18731 |
|
|
|
2020-04-24 |
2020-04-30 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, and WNR2000v5 before 1.0.0.58. |
14500 |
CVE-2017-18730 |
787 |
|
Overflow |
2020-04-24 |
2020-04-30 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42. |
|
|