R8500 Firmware
Monthly
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Certain NETGEAR devices are affected by weak cryptography. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by authentication bypass. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.
Certain NETGEAR devices are affected by weak cryptography. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by authentication bypass. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.