Skip to main content

Netgear

748 CVEs vendor

Monthly

CVE-2016-10175 CRITICAL POC PATCH THREAT Act Now

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Netgear Information Disclosure Wnr2000V5 Firmware
NVD Exploit-DB VulDB
CVSS 3.0
9.8
EPSS
81.6%
Threat
5.9
CVE-2016-10174 CRITICAL POC KEV THREAT Emergency

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow RCE Netgear
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
91.1%
Threat
7.7
CVE-2017-5521 HIGH POC KEV THREAT Act Now

An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Netgear
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
93.8%
Threat
7.4
CVE-2016-10116 HIGH This Week

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Privilege Escalation Arlo Base Station Firmware Arlo Q Camera Firmware Arlo Q Plus Camera Firmware
NVD
CVSS 3.0
8.1
EPSS
7.1%
CVE-2016-10115 CRITICAL Act Now

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Arlo Base Station Firmware Arlo Q Camera Firmware Arlo Q Plus Camera Firmware
NVD
CVSS 3.0
9.8
EPSS
6.2%
CVE-2016-10106 MEDIUM PATCH This Month

Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Netgear Fvs336Gv3 Firmware Srx5308 Firmware Fvs318Gv2 Firmware +1
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2016-6277 HIGH POC KEV PATCH THREAT Act Now

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Netgear CSRF
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
94.3%
Threat
7.6
CVE-2016-5680 HIGH POC THREAT Act Now

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.3%.

Netgear Buffer Overflow RCE Nvrmini 2 Readynas Surveillance
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
33.3%
Threat
4.3
CVE-2016-5679 HIGH POC THREAT Act Now

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection Netgear Nvrmini 2 Readynas Surveillance
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
15.5%
CVE-2016-5677 HIGH POC THREAT Act Now

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Netgear PHP Information Disclosure Readynas Surveillance Nvrmini 2 +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
19.2%
CVE-2016-5676 HIGH POC THREAT Act Now

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.2%.

Netgear Authentication Bypass Readynas Surveillance Nvrsolo Nvrmini 2
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
76.2%
Threat
5.3
CVE-2016-5675 CRITICAL POC THREAT Emergency

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.1%.

Netgear PHP RCE Readynas Surveillance Crystal +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
73.1%
Threat
5.7
CVE-2016-5674 CRITICAL POC THREAT Emergency

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Netgear PHP RCE Readynas Surveillance Nvrmini 2 +1
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
89.4%
Threat
6.1
CVE-2015-8289 HIGH This Week

The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure D3600 Firmware D6000 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-8288 MEDIUM This Month

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Information Disclosure D3600 Firmware D6000 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2016-1525 HIGH POC THREAT Act Now

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.7%.

Path Traversal Netgear Prosafe Network Management Software 300
NVD Exploit-DB
CVSS 3.0
8.6
EPSS
82.7%
Threat
5.7
CVE-2016-1524 CRITICAL POC THREAT Emergency

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2). Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.7%.

Netgear Java File Upload Prosafe Network Management Software 300
NVD Exploit-DB
CVSS 3.0
9.6
EPSS
65.7%
Threat
5.4
CVE-2015-8263 HIGH This Week

NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Wnr1000V3 Firmware Wnr1000V3
NVD
CVSS 3.0
8.6
EPSS
0.6%
CVE-2015-3036 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%.

Netgear Linux Buffer Overflow TP-Link RCE +1
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
70.1%
Threat
5.6
CVE-2014-4864 LOW Monitor

The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Netgear Authentication Bypass Prosafe Firmware
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2014-4927 HIGH POC THREAT Act Now

Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.5%.

Denial Of Service Netgear D-Link Buffer Overflow Micro Httpd +4
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
17.5%
CVE-2014-2969 HIGH This Week

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Netgear RCE Authentication Bypass Gs108Pe Firmware Gs108Pe
NVD
CVSS 2.0
8.3
EPSS
0.3%
CVE-2013-3069 LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Netgear Wndr4700 Firmware Wndr4700
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4776 HIGH POC THREAT Act Now

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.0%.

Denial Of Service Netgear Prosafe Firmware Prosafe Gs748T Prosafe Gs510Tp +2
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
38.0%
Threat
4.2
CVE-2013-4775 HIGH POC THREAT Act Now

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

Information Disclosure Netgear Prosafe Firmware Prosafe Gs725Ts Prosafe Gs728Tps +8
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
11.6%
CVE-2013-2752 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Netgear Raidiator
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-2751 CRITICAL POC PATCH THREAT Act Now

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

Netgear Code Injection RCE Raidiator
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
83.5%
Threat
6.0
CVE-2012-2439 HIGH This Week

The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Netgear Prosafe Fvs318N
NVD
CVSS 2.0
7.5
EPSS
0.5%
EPSS 82% 5.9 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Netgear Information Disclosure Wnr2000V5 Firmware
NVD Exploit-DB VulDB
EPSS 91% 7.7 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow RCE Netgear
NVD Exploit-DB
EPSS 94% 7.4 CVSS 8.1
HIGH POC KEV THREAT Act Now

An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Netgear
NVD Exploit-DB
EPSS 7% CVSS 8.1
HIGH This Week

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Privilege Escalation Arlo Base Station Firmware +2
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Arlo Base Station Firmware +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR FVS336Gv3, FVS318N, FVS318Gv2, and SRX5308 devices with firmware before 4.3.3-8 allows remote authenticated users to read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Netgear Fvs336Gv3 Firmware +3
NVD
EPSS 94% 7.6 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Netgear CSRF
NVD Exploit-DB
EPSS 33% 4.3 CVSS 8.8
HIGH POC THREAT Act Now

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 33.3%.

Netgear Buffer Overflow RCE +2
NVD Exploit-DB
EPSS 15% CVSS 8.8
HIGH POC THREAT Act Now

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.5%.

Command Injection Netgear Nvrmini 2 +1
NVD Exploit-DB
EPSS 19% CVSS 7.5
HIGH POC THREAT Act Now

NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.2%.

Netgear PHP Information Disclosure +3
NVD Exploit-DB
EPSS 76% 5.3 CVSS 7.5
HIGH POC THREAT Act Now

cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 76.2%.

Netgear Authentication Bypass Readynas Surveillance +2
NVD Exploit-DB
EPSS 73% 5.7 CVSS 9.8
CRITICAL POC THREAT Emergency

handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.1%.

Netgear PHP RCE +4
NVD Exploit-DB
EPSS 89% 6.1 CVSS 9.8
CRITICAL POC THREAT Emergency

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 89.4%.

Netgear PHP RCE +3
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure D3600 Firmware +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Netgear Information Disclosure D3600 Firmware +1
NVD
EPSS 83% 5.7 CVSS 8.6
HIGH POC THREAT Act Now

Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 82.7%.

Path Traversal Netgear Prosafe Network Management Software 300
NVD Exploit-DB
EPSS 66% 5.4 CVSS 9.6
CRITICAL POC THREAT Emergency

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2). Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.7%.

Netgear Java File Upload +1
NVD Exploit-DB
EPSS 1% CVSS 8.6
HIGH This Week

NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Wnr1000V3 Firmware +1
NVD
EPSS 70% 5.6 CVSS 10.0
CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%.

Netgear Linux Buffer Overflow +3
NVD Exploit-DB
EPSS 0% CVSS 3.3
LOW Monitor

The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Netgear Authentication Bypass Prosafe Firmware
NVD
EPSS 18% CVSS 7.8
HIGH POC THREAT Act Now

Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.5%.

Denial Of Service Netgear D-Link +6
NVD Exploit-DB
EPSS 0% CVSS 8.3
HIGH This Week

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Netgear RCE Authentication Bypass +2
NVD
EPSS 0% CVSS 3.5
LOW POC Monitor

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Netgear Wndr4700 Firmware +1
NVD VulDB
EPSS 38% 4.2 CVSS 7.8
HIGH POC THREAT Act Now

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.0%.

Denial Of Service Netgear Prosafe Firmware +4
NVD Exploit-DB
EPSS 12% CVSS 7.8
HIGH POC THREAT Act Now

NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.6%.

Information Disclosure Netgear Prosafe Firmware +10
NVD Exploit-DB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF Netgear Raidiator
NVD
EPSS 83% 6.0 CVSS 10.0
CRITICAL POC PATCH THREAT Act Now

Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

Netgear Code Injection RCE +1
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Netgear Prosafe Fvs318N
NVD
Prev Page 9 of 9

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy