Filtered by vendor Netgear Subscriptions
Filtered by product R7000p Subscriptions
Total 124 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-36187 1 Netgear 30 Cbr40, Cbr40 Firmware, Lax20 and 27 more 2024-11-21 9.8 Critical
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
CVE-2022-48322 1 Netgear 12 Mr60, Mr60 Firmware, Ms60 and 9 more 2024-11-21 9.8 Critical
NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.
CVE-2022-48196 1 Netgear 18 R6400v2, R6400v2 Firmware, R6700v3 and 15 more 2024-11-21 7.4 High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.
CVE-2022-48176 1 Netgear 12 Mr60, Mr60 Firmware, Ms60 and 9 more 2024-11-21 7.8 High
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.
CVE-2022-44200 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.
CVE-2022-44199 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.
CVE-2022-44198 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1.
CVE-2022-44197 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.
CVE-2022-44196 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.
CVE-2022-44194 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.
CVE-2022-44193 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute.
CVE-2022-44191 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.
CVE-2022-44190 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering.
CVE-2022-44188 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering.
CVE-2022-44187 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.
CVE-2022-44186 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_pri.
CVE-2022-44184 1 Netgear 2 R7000p, R7000p Firmware 2024-11-21 9.8 Critical
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.
CVE-2022-27647 1 Netgear 66 Cax80, Cax80 Firmware, Lax20 and 63 more 2024-11-21 8.0 High
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
CVE-2022-27646 1 Netgear 48 Cbr40, Cbr40 Firmware, Lbr1020 and 45 more 2024-11-21 8.8 High
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.
CVE-2022-27644 1 Netgear 48 Cbr40, Cbr40 Firmware, Lbr1020 and 45 more 2024-11-21 8.8 High
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.