Severity
Medium
Analysis Summary
CVE-2022-0182 CVSS:7.5
NETGEAR devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2021-0176 CVSS:6.3
NETGEAR devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2020-0482 CVSS:4.5
NETGEAR devices are vulnerable to a based buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2020-0578 CVSS:6.5
NETGEAR devices are vulnerable to a based buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2021-0179 CVSS:8.1
NETGEAR devices could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Buffer Overflow
- Command Execution
Indicators Of Compromise
CVE
- CVE-2022-0182
- CVE-2021-0176
- CVE-2020-0482
- CVE-2020-0578
- CVE-2021-0179
Affected Vendors
NETGEAR
Affected Products
- NETGEAR R7000P
- NETGEAR R6400v2
- NETGEAR R7000
- NETGEAR RBK852
- NETGEAR RBS850
- NETGEAR CBR750
- NETGEAR CAX80
- NETGEAR RBK752
- NETGEAR RBR750
- NETGEAR RBR840
- NETGEAR RBS840
- Netgear R6400
- NETGEAR EX6130
- NETGEAR EX7500
Remediation
Refer to NETGEAR Security Advisory for patch, upgrade or suggested workaround information.