π¨ CVE-2021-45624
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144.
π@cveNotify
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144.
π@cveNotify
Netgear
Security Advisory for Pre-Authentication Command Injection on Some Routers, PSV-2020-0298 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-21 NETGEAR has released fixes for a pre-authentication command injection security vulnerability on the following product models: D7000v2, running firmware versions prior to 1.0.0.66 D8500, running firmwareβ¦
π¨ CVE-2021-45666
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.
π@cveNotify
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.
π@cveNotify
Netgear
Security Advisory for Stored Cross Site Scripting on Some Extenders and WiFi Systems, PSV-2020-0254 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-09-26 NETGEAR has released fixes for a stored cross site scripting security vulnerability on the following product models: CBR40, running firmware versions prior to 2.5.0.10 EAX80, running firmware versions priorβ¦
π¨ CVE-2021-45679
Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80.
π@cveNotify
Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80.
π@cveNotify
Netgear
Security Advisory for Vertical Privilege Escalation on Some Routers, PSV-2021-0043 | Answer | NETGEAR Support
Associated CVE IDs: None First published: 2021-12-22 NETGEAR has released fixes for a vertical privilege escalation security vulnerability on the following product models: R6900P, running firmware versions prior to 1.3.3.140 R7000, running firmware versionsβ¦
π¨ CVE-2021-37583
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-37572
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Missing authorization).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Missing authorization).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-37571
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-37570
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-37569
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-37568
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-37567
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-37566
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7610, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7610, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-37565
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-37564
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
π@cveNotify
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
π@cveNotify
NETGEAR KB
Security Advisory for WiFi WPS and IEEE-1905 Vulnerabilities on Multiple Products, PSV-2021-0298 & PSV-2021-0300
First published: 2021-11-11 Associated CVE IDs WPS connection Vulnerabilities CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562 IEEE 1905 Vulnerabilities CVE-2021β¦
π¨ CVE-2021-46038
A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent).
π@cveNotify
A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial of Service (context-dependent).
π@cveNotify
GitHub
untrusted pointer dereference in unlink_chunk.isra Β· Issue #2000 Β· gpac/gpac
Thanks for reporting your issue. Please make sure these boxes are checked before submitting your issue - thank you! [Yes ] I looked for a similar issue and couldn't find any. [ Yes] I tried...
π¨ CVE-2021-45970
An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location).
π@cveNotify
An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location).
π@cveNotify
Insyde Software
Security Pledge
Product security is a top priority and one that we continue to improve upon continuously.
π¨ CVE-2021-45969
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).
π@cveNotify
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).
π@cveNotify
Insyde Software
Security Pledge
Product security is a top priority and one that we continue to improve upon continuously.
π¨ CVE-2020-5956
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.
π@cveNotify
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.
π@cveNotify
Insyde Software
Security Pledge
Product security is a top priority and one that we continue to improve upon continuously.
π¨ CVE-2021-45971
An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData).
π@cveNotify
An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData).
π@cveNotify
Insyde Software
Security Pledge
Product security is a top priority and one that we continue to improve upon continuously.
π¨ CVE-2021-41842
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.
π@cveNotify
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.
π@cveNotify
Insyde Software
Security Pledge
Product security is a top priority and one that we continue to improve upon continuously.
π¨ CVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
π@cveNotify
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
π@cveNotify
httpd.apache.org
Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
π¨ CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
π@cveNotify
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
π@cveNotify
httpd.apache.org
Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project