Netgear

End-of-service Netgear devices with TelnetEnable functionality can have telnet service remotely activated via specially crafted magic packets, enabling unauthenticated remote access to the device. An attacker on the network can exploit this to gain command-line access without credentials, potentially leading to device compromise and lateral movement. No patch is available for affected products.

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH]

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH]

NETGEAR WiFi extenders (Ex5000, Ex6110, Ex2800, Ex3110) with improper path traversal validation allow authenticated LAN users to access the webproc configuration file and extract stored router credentials. An attacker with local network access can leverage this to obtain administrative credentials for further network compromise. A patch is available.

NETGEAR WiFi extenders (Ex3110, Ex6110, Ex5000, Ex2800) contain an authentication bypass vulnerability that allows network-adjacent attackers with WiFi access or physical Ethernet connectivity to gain unauthorized admin panel access. An attacker can exploit insufficient authentication validation to fully compromise the device's confidentiality, integrity, and availability. A patch is available for affected firmware versions.

NETGEAR XR1000v2 routers are vulnerable to OS command injection through inadequate input validation, enabling attackers with LAN access to execute arbitrary commands with elevated privileges. The vulnerability affects authenticated users on the local network and could allow complete router compromise including data interception and network manipulation. A patch is available.

Unauthenticated administrative access in NETGEAR Orbi routers (CBR750, NBR750, RBE370, RBE371) allows local network attackers to bypass authentication and gain full admin control of the web interface. This high-severity vulnerability (CVSS 7.8) impacts all users on networks connected to affected devices, enabling attackers to modify router settings, potentially compromising network security and connected devices. A patch is available.

Authenticated attackers on the same network can execute arbitrary OS commands on NETGEAR Orbi routers (RBS860, RBR850, RBSE950) through improper validation of DHCPv6 input. The vulnerability requires local or WiFi network access but no user interaction, giving attackers full system compromise capabilities on affected devices. A patch is available for this high-severity flaw.

NETGEAR Orbi routers (RBS850, RBE970, RBS750) are vulnerable to OS command injection through inadequate input validation, enabling attackers on the local network to execute arbitrary commands with elevated privileges. The vulnerability requires LAN access and low privileges but provides complete system compromise through high-impact code execution capabilities. A patch is available for affected firmware versions.

Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to. Rated medium severity (CVSS 4.8). No vendor patch available.

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). Rated low severity (CVSS 0.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2025-6565 is a critical stack-based buffer overflow vulnerability in Netgear WNCE3001 v1.0.0.50 affecting the HTTP POST request handler's Host parameter processing. An authenticated attacker can remotely exploit this to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploitation code exists, elevating immediate risk.

CVE-2025-48890 is a critical OS command injection vulnerability in the miniigd SOAP service affecting WRH-733GBK and WRH-733GWH network storage devices. Remote unauthenticated attackers can execute arbitrary OS commands by sending specially crafted requests, achieving complete system compromise (CVSS 9.8). With an attack vector of Network/Low complexity/No privileges required, this vulnerability poses immediate risk to exposed devices.

CVE-2025-6511 is a critical stack-based buffer overflow vulnerability in Netgear EX6150 (version 1.0.0.46_1.0.76) affecting the sub_410090 function, allowing authenticated attackers to achieve remote code execution with high integrity, confidentiality, and availability impact. The vulnerability is publicly disclosed with proof-of-concept code available, and impacts only end-of-life products no longer receiving vendor support, elevating real-world exploitation risk for unpatched legacy deployments.

CVE-2025-6510 is a critical stack-based buffer overflow vulnerability in Netgear EX6100 WiFi extender (version 1.0.2.28_1.1.138) affecting the sub_415EF8 function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with high integrity and availability impact. The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support.

A critical unauthenticated remote command injection vulnerability exists in multiple Blink router models through the 'mac' parameter in the bs_SetMacBlack function, allowing attackers to execute arbitrary commands with full system privileges. Affected models include BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this vulnerability poses severe risk to any exposed router on the network.

A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available.

A critical stack-based buffer overflow vulnerability (CVE-2025-5934) exists in Netgear EX3700 wireless extenders up to version 1.0.0.88, affecting the sub_41619C function in the /mtd file. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code is available, and while the affected product line is no longer supported by Netgear, immediate patching to version 1.0.0.98 is critical for active deployments.

Critical authentication bypass vulnerability in Netgear WNR614 version 1.1.0.28_1.0.1WW that allows unauthenticated remote attackers to access sensitive configuration files through null-byte injection in the URL handler. The vulnerability affects the %00currentsetting.htm endpoint, enabling attackers to retrieve or modify device settings without credentials. This 0day has been publicly disclosed with proof-of-concept code available, and CVSS 7.3 reflects moderate confidentiality, integrity, and availability impact across network-accessible administration functions.

A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

A vulnerability classified as critical has been found in Netgear JWNR2000v2 1.0.0.11. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.2%.

In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear DGN2200 router firmware v1.0.0.46 and earlier contains an authentication bypass. By appending ?x=1.gif to any URL, the router's authentication check is fooled into treating the request as an image file, granting unauthenticated access to all management functions including configuration and firmware management.

NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

NETGEAR DGN1000 routers with firmware before 1.1.00.48 contain an unauthenticated remote command execution vulnerability via the setup.cgi endpoint. The vulnerability has been exploited in the wild since at least 2017, notably by the Mirai-derived Reaper/IoTroop botnet for large-scale DDoS operations.