Netgear Ex8000 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Netgear Ex8000 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2019-20730 — CVSS 9.8 (critical): Certain NETGEAR devices are affected by SQL injection. This affects D3600 before 1.0.0.68, D6000 before 1.0.0.68, D6200 before 1.1.00.28…
CVE-2025-50526 — CVSS 9.8 (critical): Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.
CVE-2018-21153 — CVSS 9.8 (critical): Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before…
CVE-2025-45492 — CVSS 9.8 (critical): Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.
CVE-2021-45619 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250…
CVE-2021-45618 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2…
CVE-2020-35800 — CVSS 9.4 (critical): Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before…
CVE-2021-27252 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version…
CVE-2020-27861 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers…
CVE-2020-35799 — CVSS 8.8 (high): Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76…
CVE-2021-27251 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800…
CVE-2021-27253 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800…
CVE-2021-27254 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is…
CVE-2021-27255 — CVSS 8.8 (high): This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76…
CVE-2021-27256 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version…
CVE-2022-27641 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3…
CVE-2021-38527 — CVSS 8.1 (high): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2…
CVE-2020-35787 — CVSS 8.0 (high): Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before…
CVE-2019-20688 — CVSS 6.8 (medium): Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before…
CVE-2019-20723 — CVSS 6.8 (medium): Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000…
CVE-2019-20751 — CVSS 6.8 (medium): Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, DM200…
CVE-2021-38525 — CVSS 6.8 (medium): Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000…
CVE-2019-20689 — CVSS 6.8 (medium): Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6000 before 1.0.0.75, D6100 before…
CVE-2017-18788 — CVSS 6.7 (medium): Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before…
CVE-2021-27257 — CVSS 6.5 (medium): This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of…
CVE-2025-45493 — CVSS 6.5 (medium): Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.
CVE-2019-20717 — CVSS 6.5 (medium): Certain NETGEAR devices are affected by denial of service. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before…
CVE-2018-21167 — CVSS 5.5 (medium): Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32…
CVE-2017-18785 — CVSS 4.8 (medium): Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before…
CVE-2021-38514 — CVSS 2.4 (low): Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before…