NETGEAR RAX38

CPE Details

NETGEAR RAX38
netgear
rax38
-
2021-08-18
15h19 +00:00
2021-09-24
11h38 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:h:netgear:rax38:-:*:*:*:*:*:*:*

Informations

Vendor

netgear

Product

rax38

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-27358 2024-05-03 01h56 +00:00 NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.
8.8
High
CVE-2021-45493 2021-12-26 00h04 +00:00 Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.
7.6
High
CVE-2021-41449 2021-12-09 12h05 +00:00 A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet.
7.1
High
CVE-2021-38526 2021-08-10 22h01 +00:00 Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.
7.5
High