NETGEAR WAC104 Firmware 1.0.4.13

CPE Details

NETGEAR WAC104 Firmware 1.0.4.13
netgear
wac104_firmware
1.0.4.13
2020-12-31
13h44 +00:00
2020-12-31
13h44 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:netgear:wac104_firmware:1.0.4.13:*:*:*:*:*:*:*

Informations

Vendor

netgear

Product

wac104_firmware

Version

1.0.4.13

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-44261 2022-03-17 11h24 +00:00 A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.
5.3
Medium
CVE-2021-44262 2022-03-17 11h21 +00:00 A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.
7.5
High
CVE-2021-38532 2021-08-10 21h59 +00:00 NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings.
7.2
High
CVE-2021-35973 2021-06-30 12h41 +00:00 NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.