CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
4951 CVE-2017-18860 74 Exec Code 2020-04-29 2020-05-05
3.6
None Local Low Not required None Partial Partial
Certain NETGEAR devices are affected by debugging command execution. This affects FS752TP 5.4.2.19 and earlier, GS108Tv2 5.4.2.29 and earlier, GS110TP 5.4.2.29 and earlier, GS418TPP 6.6.2.6 and earlier, GS510TLP 6.6.2.6 and earlier, GS510TP 5.04.2.27 and earlier, GS510TPP 6.6.2.6 and earlier, GS716Tv2 5.4.2.27 and earlier, GS716Tv3 6.3.1.16 and earlier, GS724Tv3 5.4.2.27 and earlier, GS724Tv4 6.3.1.16 and earlier, GS728TPSB 5.3.0.29 and earlier, GS728TSB 5.3.0.29 and earlier, GS728TXS 6.1.0.35 and earlier, GS748Tv4 5.4.2.27 and earlier, GS748Tv5 6.3.1.16 and earlier, GS752TPSB 5.3.0.29 and earlier, GS752TSB 5.3.0.29 and earlier, GS752TXS 6.1.0.35 and earlier, M4200 12.0.2.10 and earlier, M4300 12.0.2.10 and earlier, M5300 11.0.0.28 and earlier, M6100 11.0.0.28 and earlier, M7100 11.0.0.28 and earlier, S3300 6.6.1.4 and earlier, XS708T 6.6.0.11 and earlier, XS712T 6.1.0.34 and earlier, and XS716T 6.6.0.11 and earlier.
4952 CVE-2017-18839 79 XSS 2020-04-20 2020-04-22
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
4953 CVE-2017-18832 79 XSS 2020-04-20 2020-04-22
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
4954 CVE-2017-18831 79 XSS 2020-04-20 2020-04-22
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
4955 CVE-2017-18828 79 XSS 2020-04-20 2020-04-22
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
4956 CVE-2017-18827 79 XSS 2020-04-20 2020-04-22
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
4957 CVE-2017-18825 79 XSS 2020-04-20 2020-04-22
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
4958 CVE-2017-18821 79 XSS 2020-04-21 2020-04-24
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by stored XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
4959 CVE-2017-18820 79 XSS 2020-04-21 2020-04-24
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4960 CVE-2017-18816 79 XSS 2020-04-21 2020-04-24
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4961 CVE-2017-18815 79 XSS 2020-04-21 2020-04-24
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4962 CVE-2017-18814 79 XSS 2020-04-21 2020-04-24
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4963 CVE-2017-18813 79 XSS 2020-04-21 2020-04-28
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4964 CVE-2017-18812 79 XSS 2020-04-21 2020-04-28
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4965 CVE-2017-18811 79 XSS 2020-04-21 2020-04-28
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4966 CVE-2017-18810 79 XSS 2020-04-21 2020-04-24
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4967 CVE-2017-18809 79 XSS 2020-04-21 2020-04-28
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4968 CVE-2017-18807 79 XSS 2020-04-21 2020-04-24
3.5
None Remote Medium ??? None Partial None
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS.
4969 CVE-2017-18785 79 XSS 2020-04-22 2020-04-23
3.5
None Remote Medium ??? None Partial None
Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700 before 1.0.1.28, EX6100v2 before 1.0.1.54, EX6150v2 before 1.0.1.54, EX6200v2 before 1.0.1.52, EX6400 before 1.0.1.72, EX7300 before 1.0.1.72, EX8000 before 1.0.0.102, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.0.1.32, R6400v2 before 1.0.2.46, R6700 before 1.0.1.36, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, R6700v2 before 1.2.0.12, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.18, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.58, R7500 before 1.0.0.118, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R7900 before 1.0.2.4, R7900P before 1.1.5.14, R8000 before 1.0.4.4, R8000P before 1.1.5.14, R8500 before 1.0.2.110, R8300 before 1.0.2.110, R9000 before 1.0.2.52, WN2000RPTv3 before 1.0.1.8, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.42, WNDR3400v3 before 1.0.1.16, WNDR3700v4 before 1.0.2.94, WNDR4300 before 1.0.2.96, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, WNR1000v4 before 1.1.0.44, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.44, WNR2050 before 1.1.0.44, and WNR3500Lv2 before 1.2.0.46.
4970 CVE-2017-18766 200 +Info 2020-04-22 2020-04-24
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.
4971 CVE-2017-18765 DoS 2020-04-22 2020-04-27
3.3
None Local Network Low Not required None None Partial
Certain NETGEAR devices are affected by denial of service. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R6700 before 1.0.1.20, R6900 before 1.0.1.20, WNR3500Lv2 before 1.2.0.44, and WNR2000v2 before 1.2.0.8.
4972 CVE-2017-18763 20 2020-04-22 2020-04-24
3.3
None Local Network Low Not required None Partial None
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.42, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42.
4973 CVE-2017-18752 200 +Info 2020-04-22 2020-04-27
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94.
4974 CVE-2017-18747 20 2020-04-23 2020-04-23
3.3
None Local Network Low Not required None Partial None
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.
4975 CVE-2017-18746 2020-04-23 2020-04-27
3.3
None Local Network Low Not required None Partial None
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46.
4976 CVE-2017-18741 2020-04-23 2020-04-27
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6250 before 1.0.4.8, R6300v2 before 1.0.4.8, R6700 before 1.0.1.20, R7000 before 1.0.7.10, R7000P before 1.0.0.58, R6900P before 1.0.0.58, R7100LG before 1.0.0.32, R7900 before 1.0.1.14, R8000 before 1.0.3.22, and R8500 before 1.0.2.94.
4977 CVE-2017-18714 DoS 2020-04-24 2020-05-01
3.3
None Local Network Low Not required None None Partial
NETGEAR WNDR4500v3 devices before 1.0.0.48 are affected by denial of service.
4978 CVE-2017-18713 200 +Info 2020-04-24 2020-05-01
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.
4979 CVE-2017-18712 200 +Info 2020-04-24 2020-05-01
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.
4980 CVE-2017-18710 200 +Info 2020-04-24 2020-05-01
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.
4981 CVE-2017-18706 2020-04-24 2020-05-04
3.3
None Local Network Low Not required None None Partial
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.
4982 CVE-2017-18704 200 +Info 2020-04-24 2020-04-28
3.3
None Local Network Low Not required Partial None None
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16.
4983 CVE-2017-18695 522 2020-04-07 2020-04-08
3.5
None Remote Medium ??? Partial None None
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017).
4984 CVE-2017-18680 20 2020-04-07 2020-04-08
3.6
None Local Low Not required Partial Partial None
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017).
4985 CVE-2017-18642 200 +Info 2020-02-10 2020-02-12
3.3
None Local Network Low Not required Partial None None
Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks.
4986 CVE-2017-18601 79 XSS 2019-09-10 2019-09-10
3.5
None Remote Medium ??? None Partial None
The examapp plugin 1.0 for WordPress has XSS via exam input text fields.
4987 CVE-2017-18600 79 XSS 2019-09-10 2019-09-10
3.5
None Remote Medium ??? None Partial None
The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.
4988 CVE-2017-18481 79 XSS 2019-08-05 2019-08-07
3.5
None Remote Medium ??? None Partial None
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
4989 CVE-2017-18473 79 XSS 2019-08-05 2019-08-07
3.5
None Remote Medium ??? None Partial None
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
4990 CVE-2017-18471 79 XSS 2019-08-05 2019-08-07
3.5
None Remote Medium ??? None Partial None
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
4991 CVE-2017-18458 20 2019-08-02 2019-08-06
3.6
None Local Low Not required None Partial Partial
cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).
4992 CVE-2017-18454 79 XSS 2019-08-02 2019-08-06
3.5
None Remote Medium ??? None Partial None
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).
4993 CVE-2017-18437 74 Exec Code 2019-08-02 2019-08-09
3.6
None Local Low Not required Partial Partial None
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
4994 CVE-2017-18420 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium ??? None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
4995 CVE-2017-18419 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium ??? None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
4996 CVE-2017-18418 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium ??? None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
4997 CVE-2017-18417 79 XSS 2019-08-02 2019-08-05
3.5
None Remote Medium ??? None Partial None
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
4998 CVE-2017-18416 284 2019-08-02 2019-08-12
3.6
None Local Low Not required None Partial Partial
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
4999 CVE-2017-18408 79 XSS 2019-08-02 2019-08-12
3.5
None Remote Medium ??? None Partial None
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
5000 CVE-2017-18402 79 XSS 2019-08-02 2019-08-13
3.5
None Remote Medium ??? None Partial None
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.