Filtered by vendor Netgear
Subscriptions
Total
1145 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-42756 | 1 Netgear | 1 Dgn1000 Firmware | 2024-08-27 | 8.8 High |
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page | ||||
CVE-2024-6814 | 1 Netgear | 2 Nms300 Firmware, Prosafe Network Management System | 2024-08-27 | 8.8 High |
NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getFilterString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-23399. | ||||
CVE-2024-6813 | 1 Netgear | 2 Nms300 Firmware, Prosafe Network Management System | 2024-08-27 | 8.8 High |
NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSortString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-23207. | ||||
CVE-2024-1430 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-08-25 | 4.3 Medium |
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2001-0888 | 3 Atmel, Linksys, Netgear | 3 Firmware, Wap11, Me102 | 2024-08-08 | N/A |
Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests. | ||||
CVE-2001-0514 | 3 Atmel, Linksys, Netgear | 3 802.11b Vnet-b Access Point, Wap11, Me102 | 2024-08-08 | N/A |
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. | ||||
CVE-2002-2354 | 1 Netgear | 1 Fm114p | 2024-08-08 | N/A |
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. | ||||
CVE-2002-2355 | 1 Netgear | 1 Fm114p | 2024-08-08 | N/A |
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. | ||||
CVE-2002-2116 | 1 Netgear | 2 Rm356, Rt338 | 2024-08-08 | N/A |
Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. | ||||
CVE-2002-2020 | 1 Netgear | 1 Rp114 | 2024-08-08 | N/A |
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed. | ||||
CVE-2002-1877 | 1 Netgear | 1 Fm114p | 2024-08-08 | N/A |
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. | ||||
CVE-2002-1892 | 1 Netgear | 1 Fvs318 | 2024-08-08 | N/A |
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information. | ||||
CVE-2002-0238 | 1 Netgear | 1 Rt314 | 2024-08-08 | N/A |
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. | ||||
CVE-2002-0127 | 1 Netgear | 1 Rp114 | 2024-08-08 | N/A |
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port. | ||||
CVE-2003-1427 | 1 Netgear | 1 Fm114p | 2024-08-08 | N/A |
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. | ||||
CVE-2004-2557 | 1 Netgear | 1 Wg602 | 2024-08-08 | N/A |
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. | ||||
CVE-2004-2556 | 1 Netgear | 1 Wg602 | 2024-08-08 | N/A |
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | ||||
CVE-2004-2032 | 1 Netgear | 1 Rp114 | 2024-08-08 | N/A |
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences. | ||||
CVE-2004-0611 | 1 Netgear | 1 Fvs318 | 2024-08-08 | N/A |
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections. | ||||
CVE-2005-4220 | 1 Netgear | 1 Rp114 | 2024-08-07 | N/A |
Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap. |