Total
22 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45510 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
| NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. | |||||
| CVE-2021-34870 | 1 Netgear | 1 Xr1000 | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325. | |||||