Netgear XR500 improper authentication [CVE-2021-38514]

A vulnerability classified as critical was found in Netgear D3600, D6000, D6100, D6200, D6220, D6400, D7000, D7000v2, D7800, D8500, DC112A, DGN2200v4, DGND2200Bv4, EX2700, EX3700, EX3800, EX6000, EX6100, EX6100v2, EX6120, EX6130, EX6150v1, EX6150v2, EX6200, EX6200v2, EX6400, EX7000, EX7300, EX8000, RBK50, RBR50, RBS50, RBK40, RBR40, RBS40, RBW30, PR2000, R6020, R6080, R6050, JR6150, R6120, R6220, R6250, R6300v2, R6400, R6400v2, R6700, R6700v2, R6800, R6900v2, R6900, R7000, R6900P, R7000P, R7100LG, R7300DST, R7500v2, R7800, R7900, R8000, R7900P, R8000P, R8300, R8500, R9000, RBS40V, RBK50V, WN2000RPTv3, WN2500RPv2, WN3000RPv3, WN3100RPv2, WNDR3400v3, WNDR3700v4, WNDR4300v1, WNDR4300v2, WNDR4500v3, WNR2000v5 (R2000), WNR2020, WNR2050, WNR3500Lv2 and XR500 (Wireless LAN Software). This vulnerability affects an unknown part. Upgrading eliminates this vulnerability.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-33553 : PLANET WDRT-1800AX 1.01-CP2 COOKIE LOGINSTATUS IMPROPER AUTHENTICATION

CVE-2023-33553 : PLANET WDRT-1800AX 1.01-CP2 COOKIE LOGINSTATUS IMPROPER AUTHENTICATION

Description An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attackers to bypass authentication and escalate privileges to root via manipulation

CVE-2023-20887 : VMWARE ARIA OPERATIONS FOR NETWORKS 6.X COMMAND INJECTION

CVE-2023-20887 : VMWARE ARIA OPERATIONS FOR NETWORKS 6.X COMMAND INJECTION

Description Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations

CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION

CVE-2023-29632 : JMSPAGEBUILDER 3.X ON PRESTASHOP AJAX_JMSPAGEBUILDER.PHP SQL INJECTION

Description PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. References https://friends-of-presta.github.io/security-advisories/modules/2023/03/13/jmspagebuilder.html For More Information MITRE