Netgear Cbr40 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Netgear Cbr40 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (48)
CVE-2021-45630 — CVSS 10.0 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-29068 — CVSS 9.9 (critical): Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2 before…
CVE-2021-45617 — CVSS 9.8 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before…
CVE-2020-35795 — CVSS 9.8 (critical): Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400…
CVE-2023-36187 — CVSS 9.8 (critical): Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary…
CVE-2020-26906 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before…
CVE-2020-26899 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25…
CVE-2020-26926 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before…
CVE-2020-26928 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before…
CVE-2021-45620 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45621 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45622 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45628 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2020-26905 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before…
CVE-2020-26903 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before…
CVE-2020-26904 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before…
CVE-2021-45612 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45613 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45615 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-38513 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before…
CVE-2021-45504 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before…
CVE-2021-45507 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before…
CVE-2021-45508 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before…
CVE-2021-45509 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, RBK752 before 3.2.17.12, RBR750 before…
CVE-2021-45631 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2020-26897 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before…
CVE-2020-26900 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects CBR40 before 2.5.0.10, RBK752 before…
CVE-2020-35800 — CVSS 9.4 (critical): Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before…
CVE-2020-35796 — CVSS 8.8 (high): Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before…
CVE-2022-27646 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3…
CVE-2020-27861 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers…
CVE-2022-27644 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of…
CVE-2021-45597 — CVSS 8.4 (high): Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2020-26910 — CVSS 8.4 (high): Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before…
CVE-2021-45598 — CVSS 8.4 (high): Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45599 — CVSS 8.4 (high): Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45601 — CVSS 8.4 (high): Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-38527 — CVSS 8.1 (high): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2…
CVE-2021-29080 — CVSS 8.1 (high): Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects RBK852 before 3.2.10.11, RBK853 before…
CVE-2024-28340 — CVSS 7.5 (high): An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28…
CVE-2020-35802 — CVSS 7.5 (high): Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.14, RBW30 before 2.6.1.4…
CVE-2021-45529 — CVSS 7.3 (high): Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before…
CVE-2021-45671 — CVSS 6.5 (medium): Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72…
CVE-2021-45670 — CVSS 6.5 (medium): Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64…
CVE-2021-45667 — CVSS 6.5 (medium): Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64…
CVE-2021-45666 — CVSS 6.5 (medium): Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90…
CVE-2024-28339 — CVSS 5.4 (medium): An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows…
CVE-2021-45639 — CVSS 5.2 (medium): Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62…