The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2018-21115 | NETGEAR XR500 devices before 2.3.2.32 are affected by remote code execution by unauthenticated attackers. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21114 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, EX6150v2 before 1.0.1.70, EX6100v2 before 1.0.1.70, EX6200v2 before 1.0.1.64, EX7300 before 1.0.2.136, EX6400 before 1.0.2.136, R6100 before 1.0.1.16, R7500 before 1.0.0.110, R7800 before 1.0.2.32, R9000 before 1.0.4.12, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.52, WNDR4300v2 before 1.0.0.50, and WNDR4500v3 before 1.0.0.50. | MEDIUM | Apr 24, 2020 | n/a |
| CVE-2018-21113 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.42, R6100 before 1.0.1.28, R7500 before 1.0.0.130, R7500v2 before 1.0.3.36, R7800 before 1.0.2.52, R8900 before 1.0.4.12, R9000 before 1.0.4.12, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, and WNDR4500v3 before 1.0.0.56. | MEDIUM | Apr 24, 2020 | n/a |
| CVE-2018-21112 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R8900 before 1.0.4.12, and R9000 before 1.0.4.12. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21111 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, and WNR2000v5 before 1.0.0.66. | MEDIUM | Apr 22, 2020 | n/a |
| CVE-2018-21110 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21109 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21108 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21107 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21106 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21105 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21104 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21103 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21102 | NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21101 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 23, 2020 | n/a |
| CVE-2018-21100 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 27, 2020 | n/a |
| CVE-2018-21099 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 27, 2020 | n/a |
| CVE-2018-21098 | NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user. | MEDIUM | Apr 27, 2020 | n/a |
| CVE-2018-21097 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5. | HIGH | May 4, 2020 | n/a |
| CVE-2018-21096 | Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. | MEDIUM | May 4, 2020 | n/a |
| CVE-2018-21095 | Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210. | LOW | Apr 27, 2020 | n/a |
| CVE-2018-21094 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, WND930 before 2.1.5, and WN604 before 3.3.10. | HIGH | May 4, 2020 | n/a |
| CVE-2018-21093 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.42, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300-2CXNAS before 1.0.3.60, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300 before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.18, R8000P before 1.3.0.10, R7900P before 1.3.0.10, R8500 before 1.0.2.122, R8300 before 1.0.2.122, RBW30 before 2.1.2.6, WN2500RPv2 before 1.0.0.54, and WNR3500Lv2 before 1.2.0.56. | MEDIUM | May 4, 2020 | n/a |
| CVE-2018-21092 | An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). | LOW | Apr 9, 2020 | n/a |
| CVE-2018-21091 | An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. Telecom has a System Crash via abnormal exception handling. The Samsung ID is SVE-2017-10906 (January 2018). | HIGH | Apr 8, 2020 | n/a |
| CVE-2018-21090 | An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018). | HIGH | Apr 9, 2020 | n/a |
| CVE-2018-21089 | An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/MT6757 Mediatek models) software. Bootloader has an integer overflow that leads to arbitrary code execution via the download offset control. The Samsung ID is SVE-2017-10732 (January 2018). | HIGH | Apr 9, 2020 | n/a |
| CVE-2018-21088 | An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can cause a reboot because InputMethodManagerService has an unprotected system service. The Samsung ID is SVE-2017-9995 (January 2018). | HIGH | Apr 9, 2020 | n/a |
| CVE-2018-21087 | An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018). | HIGH | Apr 9, 2020 | n/a |
| CVE-2018-21086 | An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018). | MEDIUM | Apr 9, 2020 | n/a |
| CVE-2018-21085 | An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018). | MEDIUM | Apr 8, 2020 | n/a |
| CVE-2018-21084 | An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018). | MEDIUM | Apr 8, 2020 | n/a |
| CVE-2018-21083 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018). | MEDIUM | Apr 9, 2020 | n/a |
| CVE-2018-21082 | An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the Use screen lock type to unpin option. The Samsung ID is SVE-2017-11106 (February 2018). | MEDIUM | Apr 8, 2020 | n/a |
| CVE-2018-21081 | An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user\'s consent. The Samsung ID is SVE-2017-11018 (March 2018). | MEDIUM | Apr 8, 2020 | n/a |
| CVE-2018-21080 | An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018). | LOW | Apr 9, 2020 | n/a |
| CVE-2018-21079 | An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018). | MEDIUM | Apr 9, 2020 | n/a |
| CVE-2018-21078 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018). | MEDIUM | Apr 9, 2020 | n/a |
| CVE-2018-21077 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018). | LOW | Apr 9, 2020 | n/a |
| CVE-2018-21076 | An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018). | LOW | Apr 9, 2020 | n/a |
| CVE-2018-21075 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018). | HIGH | Apr 9, 2020 | n/a |
| CVE-2018-21074 | An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018). | LOW | Apr 9, 2020 | n/a |
| CVE-2018-21073 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). | LOW | Apr 9, 2020 | n/a |
| CVE-2018-21072 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018). | HIGH | Apr 9, 2020 | n/a |
| CVE-2018-21071 | An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018). | HIGH | Apr 9, 2020 | n/a |
| CVE-2018-21070 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software. An attacker can bypass Secure Boot and obtain root access because of a missing Bootloader integrity check. The Samsung ID is SVE-2018-11552 (May 2018). | HIGH | Apr 9, 2020 | n/a |
| CVE-2018-21069 | An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-11852 (July 2018). | MEDIUM | Apr 9, 2020 | n/a |
| CVE-2018-21068 | An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018). | LOW | Apr 9, 2020 | n/a |
| CVE-2018-21067 | An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018). | MEDIUM | Apr 9, 2020 | n/a |
| CVE-2018-21066 | An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018). | HIGH | Apr 9, 2020 | n/a |
