Vulnerabilities

To inform, warn and help professionals deal with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-35792

Publication date:
30/12/2020
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7500v2 before 1.0.3.48, R8900 before 1.0.5.2, R9000 before 1.0.5.2, and R7800 before 1.0.2.68.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2020

CVE-2020-35793

Publication date:
30/12/2020
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.2, and R9000 before 1.0.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2020

CVE-2020-35787

Publication date:
30/12/2020
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2020

CVE-2020-35783

Publication date:
30/12/2020
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, GS116Ev2 before 2.6.0.48, JGS524Ev2 before 2.6.0.48, and JGS524PE before 2.6.0.48. The NSDP protocol version allows unauthenticated remote attackers to obtain all the switch configuration parameters by sending the corresponding read requests.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2021

CVE-2020-35789

Publication date:
30/12/2020
NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10206

Publication date:
30/12/2020
Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows local attackers to view and interact with the video output of the device.
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2021

CVE-2020-35777

Publication date:
30/12/2020
NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2020

CVE-2020-35778

Publication date:
30/12/2020
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36.
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2020

CVE-2020-35779

Publication date:
30/12/2020
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2020

CVE-2020-10208

Publication date:
30/12/2020
Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows authenticated remote attackers to execute arbitrary commands with root user privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10209

Publication date:
30/12/2020
Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with root level privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-10207

Publication date:
29/12/2020
Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows remote attackers to retrieve and modify the device settings.
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2021