NETGEAR WAC104 Firmware

CPE Details

NETGEAR WAC104 Firmware
netgear
wac104_firmware
-
2021-07-01
09h14 +00:00
2021-08-19
12h53 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:netgear:wac104_firmware:-:*:*:*:*:*:*:*

Informations

Vendor

netgear

Product

wac104_firmware

Version

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-44261 2022-03-17 11h24 +00:00 A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.
5.3
Moyen
CVE-2021-44262 2022-03-17 11h21 +00:00 A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.
7.5
Haute
CVE-2021-38532 2021-08-10 21h59 +00:00 NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings.
7.2
Haute
CVE-2021-35973 2021-06-30 12h41 +00:00 NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).
9.8
Critique
CVE-2020-35788 2020-12-29 22h40 +00:00 NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user.
7.6
Haute