Filtered by vendor Netgear
Subscriptions
Total
1155 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39550 | 1 Netgear | 6 Jwnr2000v2, Jwnr2000v2 Firmware, Xavn2001v2 and 3 more | 2024-08-02 | 8.8 High |
| Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. | ||||
| CVE-2023-38925 | 1 Netgear | 6 Dc112a, Dc112a Firmware, Ex6200 and 3 more | 2024-08-02 | 8.8 High |
| Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. | ||||
| CVE-2023-38926 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2024-08-02 | 8.8 High |
| Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. | ||||
| CVE-2023-38928 | 1 Netgear | 2 R7100lg, R7100lg Firmware | 2024-08-02 | 9.8 Critical |
| Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | ||||
| CVE-2023-38922 | 1 Netgear | 6 Jwnr2000v2, Jwnr2000v2 Firmware, Xavn2001v2 and 3 more | 2024-08-02 | 8.8 High |
| Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. | ||||
| CVE-2023-38924 | 1 Netgear | 2 Dgn3500, Dgn3500 Firmware | 2024-08-02 | 6.5 Medium |
| Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. | ||||
| CVE-2023-38921 | 1 Netgear | 4 Wag302v2, Wag302v2 Firmware, Wg302v2 and 1 more | 2024-08-02 | 8.8 High |
| Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. | ||||
| CVE-2023-38591 | 1 Netgear | 2 Dg834gv5, Dg834gv5 Firmware | 2024-08-02 | 8.8 High |
| Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. | ||||
| CVE-2023-38412 | 1 Netgear | 2 R6900p, R6900p Firmware | 2024-08-02 | 8.8 High |
| Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. | ||||
| CVE-2023-36499 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2024-08-02 | 8.8 High |
| Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. | ||||
| CVE-2023-36187 | 1 Netgear | 30 Cbr40, Cbr40 Firmware, Lax20 and 27 more | 2024-08-02 | 9.8 Critical |
| Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. | ||||
| CVE-2023-34563 | 1 Netgear | 2 R6250, R6250 Firmware | 2024-08-02 | 9.8 Critical |
| netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. | ||||
| CVE-2023-33532 | 1 Netgear | 2 R6250, R6250 Firmware | 2024-08-02 | 9.8 Critical |
| There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges. | ||||
| CVE-2023-33533 | 1 Netgear | 8 D6220, D6220 Firmware, D8500 and 5 more | 2024-08-02 | 8.8 High |
| Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges. | ||||
| CVE-2023-30280 | 1 Netgear | 4 R6700, R6700 Firmware, R6900 and 1 more | 2024-08-02 | 9.8 Critical |
| Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page. | ||||
| CVE-2023-28337 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-08-02 | 8.8 High |
| When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. | ||||
| CVE-2023-28338 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-08-02 | 7.5 High |
| Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted. | ||||
| CVE-2023-27850 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-08-02 | 6.8 Medium |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | ||||
| CVE-2023-27851 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-08-02 | 8.8 High |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. | ||||
| CVE-2023-27853 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2024-08-02 | 9.8 Critical |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | ||||