Skip to main content

Netgear

748 CVEs vendor

Monthly

CVE-2024-52029 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52028 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52026 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52025 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52024 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52023 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52022 HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52021 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52020 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52019 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-52018 HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.6%
CVE-2024-52017 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-52016 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-52015 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52014 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52013 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51022 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51021 HIGH This Week

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware R7000P Firmware R6400V2 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-51020 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51019 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51018 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51017 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51016 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51015 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2024-51014 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51013 MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51012 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51011 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51010 HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51009 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51008 HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51007 MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51006 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51005 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-51004 MEDIUM This Month

Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware R7000P Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51003 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51002 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51001 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51000 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-50999 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2024-50998 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-50997 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-50996 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-50995 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-50994 MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-50993 HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-35520 MEDIUM This Month

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R7000 Firmware
NVD
CVSS 3.1
6.8
EPSS
9.1%
CVE-2024-35519 MEDIUM This Month

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex3700 Firmware Ex6100 Firmware Ex6120 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-35518 MEDIUM This Month

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex6120 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
1.0%
CVE-2024-35522 HIGH POC This Week

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear Ex3700 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-35517 HIGH This Week

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Netgear Xr1000 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
14.1%
CVE-2024-42756 HIGH This Week

An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Netgear Dgn1000Ww Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
13.5%
CVE-2024-6814 HIGH This Week

NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Netgear Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2024-6813 HIGH This Week

NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Netgear Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2024-7153 MEDIUM This Month

A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Netgear
NVD VulDB
CVSS 4.0
6.9
EPSS
0.5%
CVE-2024-6646 MEDIUM POC THREAT This Month

A vulnerability was found in Netgear WN604 up to 20240710. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Netgear
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
45.7%
CVE-2024-36792 HIGH POC This Week

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2024-36790 HIGH POC This Week

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-36789 HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-36788 MEDIUM POC This Month

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-36787 HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Netgear Wnr614 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-36795 MEDIUM POC This Month

Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Netgear Wnr614 Firmware
NVD
CVSS 3.1
4.0
EPSS
0.3%
CVE-2024-5505 HIGH This Week

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Netgear Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
47.0%
CVE-2024-5247 HIGH This Week

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear RCE File Upload Prosafe Network Management System
NVD
CVSS 3.1
8.8
EPSS
26.9%
CVE-2024-5246 HIGH This Week

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat RCE Apache Netgear Prosafe Network Management Software 300
NVD
CVSS 3.1
8.8
EPSS
31.3%
CVE-2024-5245 HIGH This Week

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Netgear Prosafe Network Management System
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-4235 MEDIUM POC This Month

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Dg834Gv5 Firmware
NVD VulDB
CVSS 3.1
4.9
EPSS
0.6%
CVE-2024-30572 HIGH POC This Week

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.5%
CVE-2024-30571 HIGH POC THREAT This Week

An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
13.8%
CVE-2024-30570 MEDIUM POC This Month

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2024-30569 HIGH POC This Week

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-30568 CRITICAL POC THREAT Act Now

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE Netgear R6850 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
47.2%
CVE-2024-28340 HIGH POC This Week

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Cbk40 Firmware Cbk43 Firmware Cbr40 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-28339 MEDIUM POC This Month

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Cbk40 Firmware Cbr40 Firmware Cbk43 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1431 MEDIUM POC This Month

A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R7000 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-1430 MEDIUM POC This Month

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R7000 Firmware
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2023-50089 CRITICAL POC Act Now

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Wnr2000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2023-49007 CRITICAL POC Act Now

In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Netgear Rbr750 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.0%
CVE-2023-49694 HIGH POC This Week

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Netgear Microsoft Authentication Bypass Prosafe Network Management System
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-49693 CRITICAL POC Act Now

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Netgear RCE Authentication Bypass Prosafe Network Management System
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-36187 CRITICAL Act Now

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear Cbr40 Firmware Lax20 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-39550 HIGH POC This Week

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Jwnr2000V2 Firmware Xwn5001 Firmware Xavn2001V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38928 CRITICAL Act Now

Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R7100Lg Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-38926 HIGH POC This Week

Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Ex6200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38925 HIGH This Week

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Dc112A Firmware Ex6200 Firmware R6300V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
14.6%
CVE-2023-38924 MEDIUM This Month

Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Dgn3500 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-38922 HIGH This Week

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Jwnr2000V2 Firmware Xwn5001 Firmware Xavn2001V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-38921 HIGH This Week

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Wg302V2 Firmware Wag302V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-38591 HIGH POC This Week

Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Dg834Gv5 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38412 HIGH POC This Week

Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear R6900P Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware +3
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 2% CVSS 8.0
HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware +2
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware +3
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +2
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Command Injection Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +1
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware
NVD GitHub
EPSS 9% CVSS 6.8
MEDIUM This Month

Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R7000 Firmware
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex3700 Firmware +2
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Ex6120 Firmware
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear Ex3700 Firmware
NVD GitHub
EPSS 14% CVSS 7.2
HIGH This Week

Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Netgear Xr1000 Firmware
NVD GitHub
EPSS 14% CVSS 8.8
HIGH This Week

An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Netgear +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Netgear +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Netgear +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Netgear
NVD VulDB
EPSS 46% CVSS 6.9
MEDIUM POC THREAT This Month

A vulnerability was found in Netgear WN604 up to 20240710. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Netgear
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH POC This Week

An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force Information Disclosure Netgear +1
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Wnr614 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Netgear Wnr614 Firmware
NVD
EPSS 0% CVSS 4.0
MEDIUM POC This Month

Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Netgear Wnr614 Firmware
NVD
EPSS 47% CVSS 8.8
HIGH This Week

NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Netgear +1
NVD
EPSS 27% CVSS 8.8
HIGH This Week

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear RCE File Upload +1
NVD
EPSS 31% CVSS 8.8
HIGH This Week

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat RCE Apache +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Netgear +1
NVD
EPSS 1% CVSS 4.9
MEDIUM POC This Month

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Dg834Gv5 Firmware
NVD VulDB
EPSS 1% CVSS 8.0
HIGH POC This Week

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Netgear R6850 Firmware
NVD GitHub
EPSS 14% CVSS 7.5
HIGH POC THREAT This Week

An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R6850 Firmware
NVD GitHub
EPSS 47% CVSS 9.8
CRITICAL POC THREAT Act Now

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Command Injection RCE +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Cbk40 Firmware +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear Cbk40 Firmware +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R7000 Firmware
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netgear R7000 Firmware
NVD GitHub VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Wnr2000 Firmware
NVD GitHub
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Netgear +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Netgear Microsoft +2
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Netgear RCE +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear +15
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Jwnr2000V2 Firmware +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R7100Lg Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Ex6200 Firmware
NVD GitHub
EPSS 15% CVSS 8.8
HIGH This Week

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Dc112A Firmware +2
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Dgn3500 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Jwnr2000V2 Firmware +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Wg302V2 Firmware +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Dg834Gv5 Firmware
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear R6900P Firmware
NVD GitHub
Prev Page 2 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy