Fr33Rh

**Name of the Vulnerable Software and Affected Versions** NETGEAR RAX40 versions prior to 1.0.2.60 NETGEAR RAX35 versions prior to 1.0.2.60 NETGEAR R6400v2 versions prior to 1.0.4.122 NETGEAR R6700v3 versions prior to 1.0.4.122 NETGEAR R6900P versions prior to 1.3.3.152 NETGEAR R7000P versions prior to 1.3.3.152 NETGEAR R7000 versions prior to 1.0.11.136 NETGEAR R7960P versions prior to 1.4.4.94 NETGEAR R8000P versions prior to 1.4.4.94 **Description** The issue is a buffer overflow that can be exploited by an unauthenticated attacker. This allows the attacker to potentially execute code with elevated privileges. The problem is similar to a previous vulnerability that allowed code execution with root privileges through manipulation on the WAN interface. **Recommendations** For RAX40 versions prior to 1.0.2.60, update to version 1.0.2.60 or later. For RAX35 versions prior to 1.0.2.60, update to version 1.0.2.60 or later. For R6400v2 versions prior to 1.0.4.122, update to version 1.0.4.122 or later. For R6700v3 versions prior to 1.0.4.122, update to version 1.0.4.122 or later. For R6900P versions prior to 1.3.3.152, update to version 1.3.3.152 or later. For R7000P versions prior to 1.3.3.152, update to version 1.3.3.152 or later. For R7000 versions prior to 1.0.11.136, update to version 1.0.11.136 or later. For R7960P versions prior to 1.4.4.94, update to version 1.4.4.94 or later. For R8000P versions prior to 1.4.4.94, update to version 1.4.4.94 or later.

**Name of the Vulnerable Software and Affected Versions** NETGEAR R7800 versions prior to 1.0.2.74 NETGEAR R9000 versions prior to 1.0.5.2 NETGEAR XR500 versions prior to 2.3.2.66 **Description** The issue is related to insufficient input validation, allowing an unauthenticated attacker to perform command injection. This can enable a remote attacker to execute arbitrary commands. **Recommendations** For NETGEAR R7800 versions prior to 1.0.2.74, update to version 1.0.2.74 or later. For NETGEAR R9000 versions prior to 1.0.5.2, update to version 1.0.5.2 or later. For NETGEAR XR500 versions prior to 2.3.2.66, update to version 2.3.2.66 or later.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti Networks EdgeSwitch X versions prior to 1.1.0 **Description** The issue allows an authenticated user to execute arbitrary shell commands over the SSH interface, bypassing the CLI interface, which enables them to escalate privileges to root. **Recommendations** For versions prior to 1.1.0, update to version 1.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ubiquiti Networks EdgeSwitch X versions 1.1.0 and prior **Description** The issue allows an unauthenticated user to utilize the local port forwarding and dynamic port forwarding functionalities, which can be exploited by remote attackers without credentials to access local services or forward traffic through the device if SSH is enabled. **Recommendations** For versions 1.1.0 and prior, consider disabling SSH in the system settings until a fix is available. As a temporary workaround, restrict access to the local port forwarding and dynamic port forwarding functionalities to minimize the risk of exploitation.