Netgear Rax43
27 CVEs affecting Netgear Rax43. Latest disclosed: 2026-07-14. Critical: 7, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-45622 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 befo… |
CVE-2021-45621 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 bef… |
CVE-2021-45620 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 befo… |
CVE-2021-45616 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 befo… |
CVE-2021-45614 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 bef… |
CVE-2021-45613 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 be… |
CVE-2021-45612 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 befo… |
CVE-2021-34982 | High | 8.8 | 2024-05-07 | NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute… |
CVE-2022-27645 | High | 8.8 | 2023-03-29 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not requi… |
CVE-2022-27642 | High | 8.8 | 2023-03-29 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentic… |
CVE-2021-20170 | High | 8.8 | 2021-12-30 | Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to manipulate configuration bac… |
CVE-2021-20166 | High | 8.8 | 2021-12-30 | Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router containers a buffer… |
CVE-2021-34991 | High | 8.8 | 2021-11-15 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authenti… |
CVE-2021-45549 | High | 8.4 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1… |
CVE-2022-27647 | High | 8.0 | 2023-03-29 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although… |
CVE-2021-20167 | High | 8.0 | 2021-12-30 | Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parame… |
CVE-2025-12946 | High | 7.5 | 2025-12-09 | A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN si… |
CVE-2021-20169 | Medium | 6.8 | 2021-12-30 | Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the device is sent via HTTP… |
CVE-2021-20168 | Medium | 6.8 | 2021-12-30 | Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the device is able to conn… |
CVE-2021-34983 | Medium | 6.5 | 2024-05-07 | NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent at… |