Skip to main content

Netgear

748 CVEs vendor

Monthly

CVE-2020-26906 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-26905 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-26904 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2020-26903 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-26902 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbr750 Firmware Rbs750 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-26901 MEDIUM This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbr750 Firmware Rbs750 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-26900 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-26899 MEDIUM This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26898 HIGH This Week

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rax40 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-26897 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware Rbk752 Firmware Rbr750 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-25067 HIGH This Week

NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R8300 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-5621 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear CSRF Gs716Tv2 Firmware Gs724Tv3 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-15636 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE R6700 Firmware
NVD
CVSS 3.1
9.8
EPSS
8.5%
CVE-2020-15635 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-15634 MEDIUM This Month

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
6.3
EPSS
1.4%
CVE-2020-15417 MEDIUM This Month

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE R6700 Firmware
NVD
CVSS 3.1
6.3
EPSS
1.3%
CVE-2020-15416 HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
6.4%
CVE-2020-10930 MEDIUM This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass R6700 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-10929 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-10928 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Heap Overflow RCE R6700 Firmware
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2020-10927 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-10926 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-10925 HIGH This Week

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-10924 HIGH POC THREAT This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
87.3%
CVE-2020-10923 HIGH POC THREAT This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
CVSS 3.1
8.8
EPSS
84.7%
CVE-2020-14442 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14441 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14440 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2020-14439 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2020-14438 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14437 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-14436 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-14435 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Srk60 Firmware Srs60 Firmware Srr60 Firmware +4
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-14434 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2020-14433 MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rbk852 Firmware Rbk853 Firmware Rbk842 Firmware +9
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2020-14432 HIGH This Week

Certain NETGEAR devices are affected by CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear CSRF Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2020-14431 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-14430 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-14429 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Mk62 Firmware Mk63 Firmware Mr60 Firmware +13
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-14428 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2020-14427 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-14426 HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware Rbk753 Firmware Rbk753S Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2020-13245 MEDIUM POC This Month

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Information Disclosure R6120 Firmware R6220 Firmware R6350 Firmware +11
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-11551 HIGH POC This Week

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Rbs50Y Firmware Srr60 Firmware Srs60 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-11550 MEDIUM POC This Month

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Information Disclosure Rbs50Y Firmware Srr60 Firmware Srs60 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2020-11549 HIGH POC This Week

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass RCE Rbs50Y Firmware Srr60 Firmware +1
NVD GitHub
CVSS 3.1
8.8
EPSS
4.1%
CVE-2020-11792 HIGH This Week

NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R8900 Firmware R9000 Firmware Rax120 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-11791 MEDIUM This Month

NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netgear Jgs516Pe Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-11790 CRITICAL Act Now

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R7800 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-11789 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R6400 Firmware R6700 Firmware R6900 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2020-11788 HIGH This Week

Certain NETGEAR devices are affected by authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass D6200 Firmware D7000 Firmware Pr2000 Firmware +9
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2020-11787 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2020-11786 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-11785 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2020-11784 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2020-11783 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-11782 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-11781 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +8
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2020-11780 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-11779 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2020-11778 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-11777 MEDIUM This Month

Certain NETGEAR devices are affected by Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-11776 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-11775 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-11774 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-11773 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-11772 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-11771 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-11770 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection D6220 Firmware D6400 Firmware D8500 Firmware +23
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2020-11769 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +13
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-11768 MEDIUM This Month

Certain NETGEAR devices are affected by Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware R7500 Firmware R7800 Firmware +14
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2019-17373 CRITICAL Act Now

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Mbr1515 Firmware Mbr1516 Firmware Dgn2200 Firmware +7
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17372 HIGH POC This Week

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Ac1450 Firmware D8500 Firmware Dc112A Firmware +30
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2019-17049 HIGH POC This Week

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear SQLi Srx5308 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2019-5055 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Netgear Wnr2000 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2019-5054 HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Netgear Wnr2000 Firmware
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2019-14527 CRITICAL POC Act Now

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Mr1100 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2019-14526 HIGH POC This Week

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear CSRF Mr1100 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2019-14363 CRITICAL POC Act Now

A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow RCE Memory Corruption Wndr3400V3 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.1%
CVE-2019-5017 MEDIUM This Month

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R8000 Firmware Netusb Ko
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2019-5016 CRITICAL Act Now

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service Information Disclosure R8000 Firmware R7900 Firmware +1
NVD
CVSS 3.1
9.1
EPSS
3.6%
CVE-2019-12591 HIGH This Week

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Insight
NVD
CVSS 3.0
7.6
EPSS
0.9%
CVE-2017-6862 CRITICAL KEV THREAT Emergency

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 37.5%.

Buffer Overflow Authentication Bypass RCE Netgear
NVD
CVSS 3.1
9.8
EPSS
37.5%
Threat
4.6
CVE-2016-1557 CRITICAL PATCH Act Now

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Wnap320 Firmware Wndap350 Firmware Wndap360 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-1556 HIGH PATCH This Week

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Wnap320 Firmware Wndap350 Firmware Wndap360 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-1555 CRITICAL POC KEV PATCH THREAT Act Now

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection PHP Netgear
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.3%
Threat
7.8
CVE-2017-6366 HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Netgear Dgn2200 Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-6334 HIGH POC KEV THREAT Act Now

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Netgear
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
89.2%
Threat
7.4
CVE-2017-6077 CRITICAL POC KEV THREAT Emergency

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Netgear
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
86.1%
Threat
7.5
CVE-2016-10176 CRITICAL POC PATCH THREAT Act Now

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

RCE Netgear Wnr2000V5 Firmware
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
86.6%
Threat
6.1
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware +6
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware +5
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware +5
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware +6
NVD
EPSS 1% CVSS 8.8
HIGH This Week

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rax40 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Cbr40 Firmware +6
NVD
EPSS 2% CVSS 8.8
HIGH This Week

NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R8300 Firmware
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Netgear CSRF Gs716Tv2 Firmware +1
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow +2
NVD
EPSS 3% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow +2
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow +2
NVD
EPSS 6% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass R6700 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
EPSS 1% CVSS 8.4
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Heap Overflow +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
EPSS 87% CVSS 8.8
HIGH POC THREAT This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow +1
NVD
EPSS 85% CVSS 8.8
HIGH POC THREAT This Week

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R6700 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware +11
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware +11
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware +11
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware +11
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware +11
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware +11
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware +11
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Srk60 Firmware +6
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rbk752 Firmware +11
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection Rbk852 Firmware +11
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear CSRF Rbk752 Firmware +11
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware +11
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware +11
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Mk62 Firmware +15
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware +11
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware +11
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by disclosure of administrative credentials. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rbk752 Firmware +11
NVD
EPSS 0% CVSS 5.9
MEDIUM POC This Month

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Information Disclosure R6120 Firmware +13
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Rbs50Y Firmware +2
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Information Disclosure Rbs50Y Firmware +2
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass RCE +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R8900 Firmware +3
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netgear Jgs516Pe Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear RCE R7800 Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection R6400 Firmware +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass D6200 Firmware +11
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +16
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +10
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +10
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +10
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +10
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +16
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +7
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection D6220 Firmware +25
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +15
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by Stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear D7800 Firmware +16
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Mbr1515 Firmware +9
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Ac1450 Firmware +32
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear SQLi Srx5308 Firmware
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Netgear +1
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Netgear +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Mr1100 Firmware
NVD
EPSS 1% CVSS 8.1
HIGH POC This Week

An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear CSRF Mr1100 Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Buffer Overflow RCE +2
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM This Month

An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure R8000 Firmware +1
NVD
EPSS 4% CVSS 9.1
CRITICAL Act Now

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service Information Disclosure +3
NVD
EPSS 1% CVSS 7.6
HIGH This Week

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Insight
NVD
EPSS 38% 4.6 CVSS 9.8
CRITICAL KEV THREAT Emergency

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 37.5%.

Buffer Overflow Authentication Bypass RCE +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Wnap320 Firmware +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure Wnap320 Firmware +5
NVD
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection PHP Netgear
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Netgear +1
NVD Exploit-DB
EPSS 89% 7.4 CVSS 8.8
HIGH POC KEV THREAT Act Now

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Netgear
NVD Exploit-DB
EPSS 86% 7.5 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Netgear
NVD Exploit-DB
EPSS 87% 6.1 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.6%.

RCE Netgear Wnr2000V5 Firmware
NVD Exploit-DB VulDB
Prev Page 8 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy