<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>r6260_firmware Archives - CVE Vulnerability</title>
	<atom:link href="https://cvevulnerability.com/cve_products/r6260_firmware/feed/" rel="self" type="application/rss+xml" />
	<link>https://cvevulnerability.com/cve_products/r6260_firmware/</link>
	<description></description>
	<lastBuildDate>Thu, 23 Feb 2023 14:10:24 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://cvevulnerability.com/wp-content/uploads/2023/02/cropped-Screenshot-2023-02-27-at-3.52.32-PM-32x32.png</url>
	<title>r6260_firmware Archives - CVE Vulnerability</title>
	<link>https://cvevulnerability.com/cve_products/r6260_firmware/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>CVE-2021-34978</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2021-34978/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 14:10:24 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2021-34978/</guid>

					<description><![CDATA[<p>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-34978/">CVE-2021-34978</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-34978/">CVE-2021-34978</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2021-34979</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2021-34979/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 14:10:24 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2021-34979/</guid>

					<description><![CDATA[<p>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-34979/">CVE-2021-34979</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13512.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-34979/">CVE-2021-34979</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>CVE-2021-34980</title>
		<link>https://cvevulnerability.com/cve_vulnerabilities/cve-2021-34980/</link>
		
		<dc:creator><![CDATA[]]></dc:creator>
		<pubDate>Thu, 23 Feb 2023 14:10:24 +0000</pubDate>
				<guid isPermaLink="false">http://www.cvevulnerability.com/cve_vulnerabilities/cve-2021-34980/</guid>

					<description><![CDATA[<p>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to [&#8230;]</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-34980/">CVE-2021-34980</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107.</p>
<p>The post <a rel="nofollow" href="https://cvevulnerability.com/cve_vulnerabilities/cve-2021-34980/">CVE-2021-34980</a> appeared first on <a rel="nofollow" href="https://cvevulnerability.com">CVE Vulnerability</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
