Netgear Xr1000
28 CVEs affecting Netgear Xr1000. Latest disclosed: 2026-06-09. Critical: 10, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-45654 | Critical | 9.6 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information. |
CVE-2021-45622 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 befo… |
CVE-2021-45621 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 bef… |
CVE-2021-45620 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 befo… |
CVE-2021-45616 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 befo… |
CVE-2021-45614 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 bef… |
CVE-2021-45613 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 be… |
CVE-2021-45612 | Critical | 9.6 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 befo… |
CVE-2021-45514 | Critical | 9.6 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. |
CVE-2021-45513 | Critical | 9.6 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker. |
CVE-2021-34982 | High | 8.8 | 2024-05-07 | NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute… |
CVE-2024-35517 | High | 8.4 | 2024-10-11 | Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. |
CVE-2021-45549 | High | 8.4 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1… |
CVE-2021-45643 | High | 8.2 | 2021-12-26 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, and XR10… |
CVE-2021-45510 | High | 8.2 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. |
CVE-2026-9213 | High | 8.1 | 2026-06-09 | A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Intern… |
CVE-2025-25246 | High | 8.1 | 2025-02-05 | NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. |
CVE-2021-34983 | Medium | 6.5 | 2024-05-07 | NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent at… |
CVE-2021-34870 | Medium | 6.5 | 2022-01-25 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Aut… |
CVE-2021-45519 | Medium | 6.5 | 2021-12-26 | NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. |