Filtered by vendor Netgear Subscriptions
Total 1208 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-10926 1 Netgear 2 R6700, R6700 Firmware 2024-11-21 8.8 High
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.
CVE-2020-10925 1 Netgear 2 R6700, R6700 Firmware 2024-11-21 8.8 High
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647.
CVE-2020-10924 1 Netgear 2 R6700, R6700 Firmware 2024-11-21 8.8 High
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.
CVE-2020-10923 1 Netgear 2 R6700, R6700 Firmware 2024-11-21 8.8 High
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.
CVE-2019-5055 1 Netgear 2 Wnr2000, Wnr2000 Firmware 2024-11-21 7.5 High
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability.
CVE-2019-5054 1 Netgear 2 Wnr2000, Wnr2000 Firmware 2024-11-21 7.5 High
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability.
CVE-2019-5017 2 Kcodes, Netgear 3 Netusb.ko, R8000, R8000 Firmware 2024-11-21 5.3 Medium
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation.
CVE-2019-5016 2 Kcodes, Netgear 5 Netusb.ko, R7900, R7900 Firmware and 2 more 2024-11-21 9.1 Critical
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.
CVE-2019-20767 1 Netgear 20 D3600, D3600 Firmware, D6000 and 17 more 2024-11-21 7.2 High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66.
CVE-2019-20766 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 6.8 Medium
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
CVE-2019-20765 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 6.8 Medium
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
CVE-2019-20764 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 6.8 Medium
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
CVE-2019-20763 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 6.8 Medium
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
CVE-2019-20762 1 Netgear 28 D8500, D8500 Firmware, R6400 and 25 more 2024-11-21 6.8 Medium
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D8500 before 1.0.3.43, R8500 before 1.0.2.128, R8300 before 1.0.2.128, R8000 before 1.0.4.28, R7300DST before 1.0.0.68, R7100LG before 1.0.0.48, R6900P before 1.3.1.44, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R7000P before 1.3.1.44, R7000 before 1.0.9.34, R6900 before 1.0.2.4, R6700 before 1.0.2.6, and R6400 before 1.0.1.44.
CVE-2019-20761 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 8.0 High
NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.
CVE-2019-20760 1 Netgear 2 R9000, R9000 Firmware 2024-11-21 8.8 High
NETGEAR R9000 devices before 1.0.4.26 are affected by authentication bypass.
CVE-2019-20759 1 Netgear 2 R9000, R9000 Firmware 2024-11-21 5.2 Medium
NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.
CVE-2019-20758 1 Netgear 2 R7000, R7000 Firmware 2024-11-21 8.0 High
NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.
CVE-2019-20757 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 6.8 Medium
NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user.
CVE-2019-20756 1 Netgear 36 Ex3700, Ex3700 Firmware, Ex3800 and 33 more 2024-11-21 6.1 Medium
Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 before 1.0.1.52.