Netgear: >> Rax30 Firmware >> 1.0.6.74 Security Vulnerabilities
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-03-10
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-03-10
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.
CVSS Score
9.8
EPSS Score
0.033
Published
2023-03-10
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-03-10
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-03-10
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-12-16
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.
CVSS Score
8.8
EPSS Score
0.0
Published
2022-12-16
Page 3