Crixer

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 150 Thunderbird versions prior to 150 **Description** An integer overflow occurs due to incorrect boundary conditions in the Audio/Video: Playback component. **Recommendations** Update Firefox to version 150. Update Thunderbird to version 150.

**Name of the Vulnerable Software and Affected Versions** Firefox for Android versions prior to 148.0.2 **Description** A heap buffer overflow exists in the Audio/Video: Playback component of Firefox for Android. This issue may allow for unexpected behavior or potentially compromise the system. **Recommendations** Update Firefox for Android to version 148.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR DGN2200v4 versions prior to 1.0.0.132 **Description** A flaw exists in input validation within the NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router). This issue allows attackers with direct network access to potentially execute code on the device. **Recommendations** Update the firmware to version 1.0.0.132 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QVR Elite versions prior to 2.1.4.0 QNAP QVR Pro versions prior to 2.1.3.0 QNAP QVR Guard versions prior to 2.1.3.0 **Description** The issue is related to a stack buffer overflow in the memory, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For QNAP QVR Elite versions prior to 2.1.4.0, update to version 2.1.4.0 or later. For QNAP QVR Pro versions prior to 2.1.3.0, update to version 2.1.3.0 or later. For QNAP QVR Guard versions prior to 2.1.3.0, update to version 2.1.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** QVR Elite versions prior to 2.1.4.0 QVR Pro versions prior to 2.1.3.0 QVR Guard versions prior to 2.1.3.0 **Description** A stack buffer overflow vulnerability has been reported to affect QNAP devices running QVR Elite, QVR Pro, and QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. **Recommendations** For QVR Elite versions prior to 2.1.4.0, update to version 2.1.4.0 or later. For QVR Pro versions prior to 2.1.3.0, update to version 2.1.3.0 or later. For QVR Guard versions prior to 2.1.3.0, update to version 2.1.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** QVR Elite versions prior to 2.1.4.0 QVR Pro versions prior to 2.1.3.0 QVR Guard versions prior to 2.1.3.0 **Description** A stack buffer overflow vulnerability has been reported to affect QNAP devices running QVR Elite, QVR Pro, and QVR Guard. If exploited, this vulnerability allows attackers to execute arbitrary code. **Recommendations** For QVR Elite versions prior to 2.1.4.0, update to version 2.1.4.0 or later. For QVR Pro versions prior to 2.1.3.0, update to version 2.1.3.0 or later. For QVR Guard versions prior to 2.1.3.0, update to version 2.1.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QVR Elite versions prior to 2.1.4.0 QNAP QVR Pro versions prior to 2.1.3.0 QNAP QVR Guard versions prior to 2.1.3.0 **Description** The issue is related to a stack buffer overflow vulnerability in the memory, which can be exploited by a remote attacker to execute arbitrary code. This vulnerability affects QNAP devices running QVR Elite, QVR Pro, and QVR Guard. **Recommendations** For QNAP QVR Elite versions prior to 2.1.4.0, update to version 2.1.4.0 or later. For QNAP QVR Pro versions prior to 2.1.3.0, update to version 2.1.3.0 or later. For QNAP QVR Guard versions prior to 2.1.3.0, update to version 2.1.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** QNAP QVR Elite versions prior to 2.1.4.0 QNAP QVR Pro versions prior to 2.1.3.0 QNAP QVR Guard versions prior to 2.1.3.0 **Description** The issue is related to a stack buffer overflow vulnerability in the memory, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For QNAP QVR Elite versions prior to 2.1.4.0, update to version 2.1.4.0 or later. For QNAP QVR Pro versions prior to 2.1.3.0, update to version 2.1.3.0 or later. For QNAP QVR Guard versions prior to 2.1.3.0, update to version 2.1.3.0 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R7000 versions prior to 1.0.11.126 NETGEAR R7900 versions prior to 1.0.4.46 NETGEAR R7900P versions prior to 1.4.2.84 NETGEAR R7960P versions prior to 1.4.2.84 NETGEAR R8000 versions prior to 1.0.4.74 NETGEAR R8000P versions prior to 1.4.2.84 NETGEAR RAX200 versions prior to 1.0.3.106 NETGEAR MR60 versions prior to 1.0.6.110 NETGEAR RAX45 versions prior to 1.0.2.66 NETGEAR RAX80 versions prior to 1.0.3.106 NETGEAR MS60 versions prior to 1.0.6.110 NETGEAR RAX50 versions prior to 1.0.2.66 NETGEAR RAX75 versions prior to 1.0.3.106 **Description** The issue is related to the lack of input data sanitization in the embedded software of certain NETGEAR devices, which can be exploited by an authenticated user to inject commands. This allows a remote attacker to execute arbitrary commands. **Recommendations** For NETGEAR R7000 version prior to 1.0.11.126, update to version 1.0.11.126 or later. For NETGEAR R7900 version prior to 1.0.4.46, update to version 1.0.4.46 or later. For NETGEAR R7900P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R7960P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R8000 version prior to 1.0.4.74, update to version 1.0.4.74 or later. For NETGEAR R8000P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR RAX200 version prior to 1.0.3.106, update to version 1.0.3.106 or later. For NETGEAR MR60 version prior to 1.0.6.110, update to version 1.0.6.110 or later. For NETGEAR RAX45 version prior to 1.0.2.66, update to version 1.0.2.66 or later. For NETGEAR RAX80 version prior to 1.0.3.106, update to version 1.0.3.106 or later. For NETGEAR MS60 version prior to 1.0.6.110, update to version 1.0.6.110 or later. For NETGEAR RAX50 version prior to 1.0.2.66, update to version 1.0.2.66 or later. For NETGEAR RAX75 version prior to 1.0.3.106, update to version 1.0.3.106 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR LAX20 versions prior to 1.1.6.28 NETGEAR MK62 versions prior to 1.1.6.122 NETGEAR MR60 versions prior to 1.1.6.122 NETGEAR MS60 versions prior to 1.1.6.122 NETGEAR R6400v2 versions prior to 1.0.4.118 NETGEAR R6700v3 versions prior to 1.0.4.118 NETGEAR R6900P versions prior to 1.3.3.140 NETGEAR R7000 versions prior to 1.0.11.116 NETGEAR R7000P versions prior to 1.3.3.140 NETGEAR R7850 versions prior to 1.0.5.68 NETGEAR R7900 versions prior to 1.0.4.38 NETGEAR R7900P versions prior to 1.4.2.84 NETGEAR R7960P versions prior to 1.4.2.84 NETGEAR R8000 versions prior to 1.0.4.68 NETGEAR R8000P versions prior to 1.4.2.84 NETGEAR RAX15 versions prior to 1.0.3.96 NETGEAR RAX20 versions prior to 1.0.3.96 NETGEAR RAX200 versions prior to 1.0.4.120 NETGEAR RAX35v2 versions prior to 1.0.3.96 NETGEAR RAX40v2 versions prior to 1.0.3.96 NETGEAR RAX43 versions prior to 1.0.3.96 NETGEAR RAX45 versions prior to 1.0.3.96 NETGEAR RAX50 versions prior to 1.0.3.96 NETGEAR RAX75 versions prior to 1.0.4.120 NETGEAR RAX80 versions prior to 1.0.4.120 NETGEAR RS400 versions prior to 1.5.1.80 NETGEAR XR1000 versions prior to 1.0.0.58 **Description** The issue is related to command injection by an authenticated user due to the lack of input data sanitization. This allows a remote attacker to execute arbitrary commands. **Recommendations** For NETGEAR LAX20 versions prior to 1.1.6.28, update to version 1.1.6.28 or later. For NETGEAR MK62 versions prior to 1.1.6.122, update to version 1.1.6.122 or later. For NETGEAR MR60 versions prior to 1.1.6.122, update to version 1.1.6.122 or later. For NETGEAR MS60 versions prior to 1.1.6.122, update to version 1.1.6.122 or later. For NETGEAR R6400v2 versions prior to 1.0.4.118, update to version 1.0.4.118 or later. For NETGEAR R6700v3 versions prior to 1.0.4.118, update to version 1.0.4.118 or later. For NETGEAR R6900P versions prior to 1.3.3.140, update to version 1.3.3.140 or later. For NETGEAR R7000 versions prior to 1.0.11.116, update to version 1.0.11.116 or later. For NETGEAR R7000P versions prior to 1.3.3.140, update to version 1.3.3.140 or later. For NETGEAR R7850 versions prior to 1.0.5.68, update to version 1.0.5.68 or later. For NETGEAR R7900 versions prior to 1.0.4.38, update to version 1.0.4.38 or later. For NETGEAR R7900P versions prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R7960P versions prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R8000 versions prior to 1.0.4.68, update to version 1.0.4.68 or later. For NETGEAR R8000P versions prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR RAX15 versions prior to 1.0.3.96, update to version 1.0.3.96 or later. For NETGEAR RAX20 versions prior to 1.0.3.96, update to version 1.0.3.96 or later. For NETGEAR RAX200 versions prior to 1.0.4.120, update to version 1.0.4.120 or later. For NETGEAR RAX35v2 versions prior to 1.0.3.96, update to version 1.0.3.96 or later. For NETGEAR RAX40v2 versions prior to 1.0.3.96, update to version 1.0.3.96 or later. For NETGEAR RAX43 versions prior to 1.0.3.96, update to version 1.0.3.96 or later. For NETGEAR RAX45 versions prior to 1.0.3.96, update to version 1.0.3.96 or later. For NETGEAR RAX50 versions prior to 1.0.3.96, update to version 1.0.3.96 or later. For NETGEAR RAX75 versions prior to 1.0.4.120, update to version 1.0.4.120 or later. For NETGEAR RAX80 versions prior to 1.0.4.120, update to version 1.0.4.120 or later. For NETGEAR RS400 versions prior to 1.5.1.80, update to version 1.5.1.80 or later. For NETGEAR XR1000 versions prior to 1.0.0.58, update to version 1.0.0.58 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R7900P versions prior to 1.4.2.84 NETGEAR R7960P versions prior to 1.4.2.84 NETGEAR R8000 versions prior to 1.0.4.74 NETGEAR R8000P versions prior to 1.4.2.84 NETGEAR MR60 versions prior to 1.0.6.110 NETGEAR RAX20 versions prior to 1.0.2.82 NETGEAR RAX45 versions prior to 1.0.2.28 NETGEAR RAX80 versions prior to 1.0.3.106 NETGEAR MS60 versions prior to 1.0.6.110 NETGEAR RAX15 versions prior to 1.0.2.82 NETGEAR RAX50 versions prior to 1.0.2.28 NETGEAR RAX75 versions prior to 1.0.3.106 **Description** The issue is related to command injection by an authenticated user due to the lack of input data sanitization. This allows a remote attacker to execute arbitrary commands. **Recommendations** For NETGEAR R7900P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R7960P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR R8000 version prior to 1.0.4.74, update to version 1.0.4.74 or later. For NETGEAR R8000P version prior to 1.4.2.84, update to version 1.4.2.84 or later. For NETGEAR MR60 version prior to 1.0.6.110, update to version 1.0.6.110 or later. For NETGEAR RAX20 version prior to 1.0.2.82, update to version 1.0.2.82 or later. For NETGEAR RAX45 version prior to 1.0.2.28, update to version 1.0.2.28 or later. For NETGEAR RAX80 version prior to 1.0.3.106, update to version 1.0.3.106 or later. For NETGEAR MS60 version prior to 1.0.6.110, update to version 1.0.6.110 or later. For NETGEAR RAX15 version prior to 1.0.2.82, update to version 1.0.2.82 or later. For NETGEAR RAX50 version prior to 1.0.2.28, update to version 1.0.2.28 or later. For NETGEAR RAX75 version prior to 1.0.3.106, update to version 1.0.3.106 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR D7800 versions prior to 1.0.1.60 NETGEAR DM200 versions prior to 1.0.0.66 NETGEAR EX2700 versions prior to 1.0.1.56 NETGEAR EX6150v2 versions prior to 1.0.1.86 NETGEAR EX6200v2 versions prior to 1.0.1.86 NETGEAR EX6250 versions prior to 1.0.0.128 NETGEAR EX6400 versions prior to 1.0.2.144 NETGEAR EX6400v2 versions prior to 1.0.0.128 NETGEAR EX6410 versions prior to 1.0.0.128 NETGEAR EX6420 versions prior to 1.0.0.128 NETGEAR EX7300 versions prior to 1.0.2.144 NETGEAR EX7300v2 versions prior to 1.0.0.128 NETGEAR EX7320 versions prior to 1.0.0.128 NETGEAR R7500v2 versions prior to 1.0.3.46 NETGEAR R7800 versions prior to 1.0.2.74 NETGEAR R8900 versions prior to 1.0.5.26 NETGEAR R9000 versions prior to 1.0.5.2 NETGEAR RAX120 versions prior to 1.0.1.128 NETGEAR WN3000RPv2 versions prior to 1.0.0.78 NETGEAR WN3000RPv3 versions prior to 1.0.2.80 NETGEAR WNR2000v5 versions prior to 1.0.0.74 NETGEAR XR500 versions prior to 2.3.2.66 NETGEAR RBK20 versions prior to 2.7.3.22 NETGEAR RBR20 versions prior to 2.7.3.22 NETGEAR RBS20 versions prior to 2.7.3.22 NETGEAR RBK40 versions prior to 2.7.3.22 NETGEAR RBR40 versions prior to 2.7.3.22 NETGEAR RBS40 versions prior to 2.7.3.22 **Description** The issue is related to the lack of input data sanitization, which can allow a remote attacker to execute arbitrary commands. This is a command injection vulnerability that affects certain NETGEAR devices. **Recommendations** Update NETGEAR D7800 to version 1.0.1.60 or later Update NETGEAR DM200 to version 1.0.0.66 or later Update NETGEAR EX2700 to version 1.0.1.56 or later Update NETGEAR EX6150v2 to version 1.0.1.86 or later Update NETGEAR EX6200v2 to version 1.0.1.86 or later Update NETGEAR EX6250 to version 1.0.0.128 or later Update NETGEAR EX6400 to version 1.0.2.144 or later Update NETGEAR EX6400v2 to version 1.0.0.128 or later Update NETGEAR EX6410 to version 1.0.0.128 or later Update NETGEAR EX6420 to version 1.0.0.128 or later Update NETGEAR EX7300 to version 1.0.2.144 or later Update NETGEAR EX7300v2 to version 1.0.0.128 or later Update NETGEAR EX7320 to version 1.0.0.128 or later Update NETGEAR R7500v2 to version 1.0.3.46 or later Update NETGEAR R7800 to version 1.0.2.74 or later Update NETGEAR R8900 to version 1.0.5.26 or later Update NETGEAR R9000 to version 1.0.5.2 or later Update NETGEAR RAX120 to version 1.0.1.128 or later Update NETGEAR WN3000RPv2 to version 1.0.0.78 or later Update NETGEAR WN3000RPv3 to version 1.0.2.80 or later Update NETGEAR WNR2000v5 to version 1.0.0.74 or later Update NETGEAR XR500 to version 2.3.2.66 or later Update NETGEAR RBK20 to version 2.7.3.22 or later Update NETGEAR RBR20 to version 2.7.3.22 or later Update NETGEAR RBS20 to version 2.7.3.22 or later Update NETGEAR RBK40 to version 2.7.3.22 or later Update NETGEAR RBR40 to version 2.7.3.22 or later Update NETGEAR RBS40 to version 2.7.3.22 or later

**Name of the Vulnerable Software and Affected Versions** Surveillance Station versions prior to 5.2.0.4.2 Surveillance Station versions prior to 5.2.0.3.2 Surveillance Station versions prior to 5.1.5.4.6 Surveillance Station versions prior to 5.1.5.3.6 **Description** A stack buffer overflow issue has been reported to affect QNAP NAS running Surveillance Station, allowing attackers to execute arbitrary code if exploited. **Recommendations** For QTS 5.0.0 (64 bit), update Surveillance Station to version 5.2.0.4.2 or later. For QTS 5.0.0 (32 bit), update Surveillance Station to version 5.2.0.3.2 or later. For QTS 4.3.6 (64 bit), update Surveillance Station to version 5.1.5.4.6 or later. For QTS 4.3.6 (32 bit), update Surveillance Station to version 5.1.5.3.6 or later. For QTS 4.3.3, update Surveillance Station to version 5.1.5.3.6 or later.

**Name of the Vulnerable Software and Affected Versions** Multimedia Console versions prior to 1.4.3 Multimedia Console versions prior to 1.5.3 **Description** A stack buffer overflow issue has been reported, allowing attackers to execute arbitrary code if exploited. This can be achieved by sending a specially crafted request. **Recommendations** For versions prior to 1.4.3, update to Multimedia Console 1.4.3 or later. For versions prior to 1.5.3, update to Multimedia Console 1.5.3 or later.

**Name of the Vulnerable Software and Affected Versions** QUSBCam2 versions prior to 1.1.4 QUSBCam2 versions prior to 2.0.1 **Description** A stack buffer overflow issue has been reported to affect QNAP devices running QUSBCam2, allowing attackers to execute arbitrary code if exploited. **Recommendations** For QUSBCam2 versions prior to 1.1.4, update to QUSBCam2 1.1.4 or later. For QUSBCam2 versions prior to 2.0.1, update to QUSBCam2 2.0.1 or later.

Name of the Vulnerable Software and Affected Versions: NVR Storage Expansion versions prior to 1.0.6 Description: A stack buffer overflow issue has been reported, allowing attackers to execute arbitrary code if exploited. Recommendations: For versions prior to 1.0.6, update to NVR Storage Expansion version 1.0.6 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: NVR Storage Expansion versions prior to 1.0.6 Description: A stack buffer overflow issue has been reported, allowing attackers to execute arbitrary code if exploited. Recommendations: For versions prior to 1.0.6, update to NVR Storage Expansion version 1.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MK62 versions prior to 1.0.6.110 MR60 versions prior to 1.0.6.110 MS60 versions prior to 1.0.6.110 RAX15 versions prior to 1.0.2.82 RAX20 versions prior to 1.0.2.82 RAX200 versions prior to 1.0.3.106 RAX45 versions prior to 1.0.2.32 RAX50 versions prior to 1.0.2.32 RAX75 versions prior to 1.0.3.106 RAX80 versions prior to 1.0.3.106 RBK752 versions prior to 3.2.16.6 RBR750 versions prior to 3.2.16.6 RBS750 versions prior to 3.2.16.6 **Description** The issue is a stack-based buffer overflow that can be exploited by an authenticated user. This affects various NETGEAR devices. **Recommendations** For MK62 versions prior to 1.0.6.110, update to version 1.0.6.110 or later. For MR60 versions prior to 1.0.6.110, update to version 1.0.6.110 or later. For MS60 versions prior to 1.0.6.110, update to version 1.0.6.110 or later. For RAX15 versions prior to 1.0.2.82, update to version 1.0.2.82 or later. For RAX20 versions prior to 1.0.2.82, update to version 1.0.2.82 or later. For RAX200 versions prior to 1.0.3.106, update to version 1.0.3.106 or later. For RAX45 versions prior to 1.0.2.32, update to version 1.0.2.32 or later. For RAX50 versions prior to 1.0.2.32, update to version 1.0.2.32 or later. For RAX75 versions prior to 1.0.3.106, update to version 1.0.3.106 or later. For RAX80 versions prior to 1.0.3.106, update to version 1.0.3.106 or later. For RBK752 versions prior to 3.2.16.6, update to version 3.2.16.6 or later. For RBR750 versions prior to 3.2.16.6, update to version 3.2.16.6 or later. For RBS750 versions prior to 3.2.16.6, update to version 3.2.16.6 or later.

Name of the Vulnerable Software and Affected Versions: R8000P versions prior to 1.4.1.66 MK62 versions prior to 1.0.6.110 MR60 versions prior to 1.0.6.110 MS60 versions prior to 1.0.6.110 R7960P versions prior to 1.4.1.66 R7900P versions prior to 1.4.1.66 RAX15 versions prior to 1.0.2.82 RAX20 versions prior to 1.0.2.82 RAX45 versions prior to 1.0.2.72 RAX50 versions prior to 1.0.2.72 RAX75 versions prior to 1.0.3.106 RAX80 versions prior to 1.0.3.106 RAX200 versions prior to 1.0.3.106 Description: Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Recommendations: For R8000P version prior to 1.4.1.66, update to version 1.4.1.66 or later. For MK62 version prior to 1.0.6.110, update to version 1.0.6.110 or later. For MR60 version prior to 1.0.6.110, update to version 1.0.6.110 or later. For MS60 version prior to 1.0.6.110, update to version 1.0.6.110 or later. For R7960P version prior to 1.4.1.66, update to version 1.4.1.66 or later. For R7900P version prior to 1.4.1.66, update to version 1.4.1.66 or later. For RAX15 version prior to 1.0.2.82, update to version 1.0.2.82 or later. For RAX20 version prior to 1.0.2.82, update to version 1.0.2.82 or later. For RAX45 version prior to 1.0.2.72, update to version 1.0.2.72 or later. For RAX50 version prior to 1.0.2.72, update to version 1.0.2.72 or later. For RAX75 version prior to 1.0.3.106, update to version 1.0.3.106 or later. For RAX80 version prior to 1.0.3.106, update to version 1.0.3.106 or later. For RAX200 version prior to 1.0.3.106, update to version 1.0.3.106 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR D7800 versions prior to 1.0.1.56 NETGEAR R7800 versions prior to 1.0.2.68 NETGEAR R8900 versions prior to 1.0.4.26 NETGEAR R9000 versions prior to 1.0.4.26 **Description** The issue affects certain NETGEAR devices, allowing command injection by an authenticated user. **Recommendations** For NETGEAR D7800 versions prior to 1.0.1.56, update to version 1.0.1.56 or later. For NETGEAR R7800 versions prior to 1.0.2.68, update to version 1.0.2.68 or later. For NETGEAR R8900 versions prior to 1.0.4.26, update to version 1.0.4.26 or later. For NETGEAR R9000 versions prior to 1.0.4.26, update to version 1.0.4.26 or later.