Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2021-20172

    All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the end... Read more

    Affected Products : genie_installer
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2021-20171

    Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services are stored in plaintext on the device. For example, the admin password is stored in plaintext in the primary configu... Read more

    Affected Products : rax43_firmware rax43
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20170

    Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted. This encryption is accomplished via a password-pro... Read more

    Affected Products : rax43_firmware rax43
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-20169

    Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP, which causes potentially sensitive information (such as usernames and passwords) to be transmitt... Read more

    Affected Products : rax43_firmware rax43
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-20168

    Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection, login with default credentials, and execute comman... Read more

    Affected Products : rax43_firmware rax43
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2021-20167

    Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.... Read more

    Affected Products : rax43_firmware rax43
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20166

    Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer overrun issue that can redirection control flow of the applicaiton.... Read more

    Affected Products : rax43_firmware rax43
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2021-20165

    Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages lack proper usage of CSRF protections or mitigations. Additionally, pages that do make use of CSRF tokens are trivially bypassable as the server does not a... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-20164

    Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionality of the device. Usernames and passwords for all smb users are revealed in plaintext on the smbserver.asp page.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-20163

    Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.9

    MEDIUM
    CVE-2021-20162

    Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords are stored in plaintext in the config files on the device. For example, /etc/config/cameo contains the admin password in plaintext.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2021-20161

    Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functionality. A malicious actor with physical access to the device is able to connect to the UART port via a serial connection. No username or password is requir... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-20160

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb functionality of the device. The username parameter used when configuring smb functionality for the device is vulnerable to command injection as root.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2021-20159

    Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functionality of the firmware allows for command injection as root by supplying a malformed parameter.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20158

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is possible for an unauthenticated, malicous actor to force the change of the admin password due to a hidden administrative command.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2021-20157

    It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2021-20156

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any s... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-20155

    Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to backup and restore device configurations via the management web interface. These devices are encrypted using a hardcoded password of "12345678".... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2021-20154

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains an security flaw in the web interface. HTTPS is not enabled on the device by default. This results in cleartext transmission of sensitive information such as passwords.... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024

  • 6.9

    MEDIUM
    CVE-2021-20153

    Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functionality. If enabled, the bittorrent functionality is vulnerable to a symlink attack that could lead to remote code execution on the device. If an end user ... Read more

    Affected Products : tew-827dru_firmware tew-827dru
    • Published: Dec. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293654 Results