Skip to main content

R6400V2 Firmware

45 CVEs product

Monthly

CVE-2024-52026 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52025 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52024 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52023 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52022 HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-52016 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-52015 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52014 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-52013 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51021 HIGH This Week

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware R7000P Firmware R6400V2 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
0.8%
CVE-2024-51011 MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51010 HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware Xr300 Firmware R7000P Firmware +1
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
CVE-2024-51003 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-51002 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2024-50997 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2024-50996 MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear R8500 Firmware Xr300 Firmware +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-36187 CRITICAL Act Now

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear Cbr40 Firmware Lax20 Firmware +13
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-48196 CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Netgear Buffer Overflow Rax40 Firmware Rax35 Firmware R6400V2 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-45650 HIGH PATCH This Week

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure R7000 Firmware R7900 Firmware R8000 Firmware +5
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-45649 MEDIUM PATCH This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure R6400V2 Firmware R6700V3 Firmware R7000 Firmware +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-45643 MEDIUM PATCH This Month

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Netgear Information Disclosure R6400V2 Firmware R6700V3 Firmware Xr1000 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-45641 HIGH PATCH This Week

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Netgear Information Disclosure D3600 Firmware D6000 Firmware D6200 Firmware +46
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-45640 HIGH PATCH This Week

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Netgear Information Disclosure D3600 Firmware D6000 Firmware D6200 Firmware +48
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2021-45622 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware Cbr750 Firmware Eax20 Firmware +37
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-45621 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware Cbr750 Firmware Eax20 Firmware +45
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-45620 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware Cbr750 Firmware Eax20 Firmware +39
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-45617 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware Eax20 Firmware Eax80 Firmware +30
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-45612 CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware Cbr750 Firmware Eax20 Firmware +36
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-45610 CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Netgear D6220 Firmware D6400 Firmware D7000V2 Firmware +25
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-45608 CRITICAL POC PATCH Act Now

Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Netgear RCE D-Link Integer Overflow TP-Link +4
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-45607 HIGH PATCH This Week

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Netgear Memory Corruption R6400V2 Firmware R6700V3 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-45606 HIGH PATCH This Week

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Netgear Memory Corruption R6400 Firmware R7000 Firmware +13
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-45554 MEDIUM PATCH This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Netgear Command Injection R6400 Firmware R6400V2 Firmware R6700V3 Firmware +4
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-45527 CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Netgear Rbk752 Firmware Rbr750 Firmware Rbs750 Firmware +33
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-45525 HIGH PATCH This Week

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Netgear Ex7000 Firmware R6400 Firmware R6400V2 Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-34991 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE Ex3700 Firmware +43
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2021-40847 HIGH POC THREAT This Week

The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear RCE R6400V2 Firmware R6700 Firmware R6700V3 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
10.1%
CVE-2021-38519 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection R6250 Firmware R6300 Firmware R6400 Firmware +11
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2020-35800 CRITICAL Act Now

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +124
NVD
CVSS 3.1
9.4
EPSS
1.9%
CVE-2020-35798 HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection R6400V2 Firmware R6700V3 Firmware R6900P Firmware +27
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-35796 CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Cbr40 Firmware D6220 Firmware D6400 Firmware +66
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-35795 CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Ac2100 Firmware Ac2400 Firmware Ac2600 Firmware +74
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-28373 HIGH POC This Week

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Memory Corruption RCE R6400V2 Firmware +12
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-26918 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear Ex7000 Firmware R6250 Firmware R6400 Firmware +7
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-26917 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear Ex7000 Firmware R6250 Firmware R6400 Firmware +6
NVD
CVSS 3.1
4.8
EPSS
0.6%
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear Xr300 Firmware +2
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +3
NVD GitHub
EPSS 1% CVSS 8.0
HIGH This Week

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Netgear R8500 Firmware +3
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Netgear +4
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear +15
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Netgear Buffer Overflow Rax40 Firmware +8
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure R7000 Firmware +7
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Certain NETGEAR devices are affected by disclosure of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Netgear Information Disclosure R6400V2 Firmware +4
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Netgear Information Disclosure R6400V2 Firmware +2
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Netgear Information Disclosure D3600 Firmware +48
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Week

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Netgear Information Disclosure D3600 Firmware +50
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware +39
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware +47
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware +41
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware +32
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Command Injection Cbr40 Firmware +38
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Netgear D6220 Firmware +27
NVD
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Netgear RCE D-Link +6
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Netgear Memory Corruption +8
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Netgear Memory Corruption +15
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Netgear Command Injection R6400 Firmware +6
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Netgear Rbk752 Firmware +35
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Netgear Ex7000 Firmware +14
NVD
EPSS 6% CVSS 8.8
HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow +45
NVD
EPSS 10% CVSS 8.1
HIGH POC THREAT This Week

The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear RCE R6400V2 Firmware +10
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection R6250 Firmware +13
NVD
EPSS 2% CVSS 9.4
CRITICAL Act Now

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Ac2100 Firmware +126
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Netgear Command Injection R6400V2 Firmware +29
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Cbr40 Firmware +68
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Ac2100 Firmware +76
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Memory Corruption +14
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear Ex7000 Firmware +9
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Netgear Ex7000 Firmware +8
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy