» 2020 » 4월

CVE-2018-21131

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2018-21131

Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Source: CVE-2018-21131

CVE-2018-21110

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2018-21110

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Source: CVE-2018-21110

CVE-2018-21134

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2018-21134

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6700 before 1.0.1.48, R7900 before 1.0.2.16, R6900 before 1.0.1.48, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, R7000 before 1.0.9.34, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, R8000 before 1.0.4.18, R8000P before 1.4.1.24, R7900P before 1.4.1.24, R8500 before 1.0.2.122, R8300 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, EX3700 before 1.0.0.72, EX3800 before 1.0.0.72, EX6000 before 1.0.0.32, EX6100 before 1.0.2.24, EX6120 before 1.0.0.42, EX6130 before 1.0.0.24, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, D7000v2 before 1.0.0.51, D6220 before 1.0.0.46, D6400 before 1.0.0.82, and D8500 before 1.0.3.42.

Source: CVE-2018-21134

CVE-2018-21108

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2018-21108

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Source: CVE-2018-21108

CVE-2018-21109

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2018-21109

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Source: CVE-2018-21109

CVE-2018-21106

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2018-21106

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

Source: CVE-2018-21106

CVE-2020-5866

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2020-5866

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.

Source: CVE-2020-5866

CVE-2020-8798

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2020-8798

httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings by connecting to the unauthenticated setup3.htm endpoint from the local network.

Source: CVE-2020-8798

CVE-2020-5865

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

Source: CVE-2020-5865

CVE-2020-5864

Posted on 2020년 4월 24일2020년 4월 24일 by admin

CVE-2020-5864

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.

Source: CVE-2020-5864