Filtered by vendor Netgear
Subscriptions
Total
1226 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48176 | 1 Netgear | 12 Mr60, Mr60 Firmware, Ms60 and 9 more | 2025-03-28 | 7.8 High |
| Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. | ||||
| CVE-2023-23110 | 1 Netgear | 18 D6100, D6100 Firmware, Dgn1000v3 and 15 more | 2025-03-26 | 7.4 High |
| An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier. | ||||
| CVE-2022-48322 | 1 Netgear | 12 Mr60, Mr60 Firmware, Ms60 and 9 more | 2025-03-21 | 9.8 Critical |
| NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. | ||||
| CVE-2024-35518 | 1 Netgear | 2 Ex6120, Ex6120 Firmware | 2025-03-19 | 8.4 High |
| Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. | ||||
| CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2025-03-18 | 7.5 High |
| An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | ||||
| CVE-2024-35519 | 1 Netgear | 6 Ex3700, Ex3700 Firmware, Ex6100 and 3 more | 2025-03-17 | 8.4 High |
| Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. | ||||
| CVE-2017-6334 | 1 Netgear | 5 Dgn2200 Series Firmware, Dgn2200v1, Dgn2200v2 and 2 more | 2025-03-14 | 8.8 High |
| dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. | ||||
| CVE-2017-6077 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2025-03-14 | 9.8 Critical |
| ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. | ||||
| CVE-2016-10174 | 1 Netgear | 56 D6100, D6100 Firmware, D7000 and 53 more | 2025-03-14 | 9.8 Critical |
| The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. | ||||
| CVE-2017-5521 | 1 Netgear | 26 Ac1450, Ac1450 Firmware, D6220 and 23 more | 2025-03-14 | 8.1 High |
| An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. | ||||
| CVE-2016-6277 | 1 Netgear | 22 D6220, D6220 Firmware, D6400 and 19 more | 2025-03-14 | 8.8 High |
| NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. | ||||
| CVE-2024-30572 | 1 Netgear | 1 R6850 Firmware | 2025-03-13 | 8 High |
| Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. | ||||
| CVE-2024-36787 | 1 Netgear | 1 Wnr614 Firmware | 2025-03-13 | 8.8 High |
| An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. | ||||
| CVE-2024-35522 | 1 Netgear | 3 Ex3700, Ex3700 Ac750, Ex3700 Firmware | 2025-03-13 | 8.4 High |
| Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. | ||||
| CVE-2024-35517 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2025-03-13 | 8.4 High |
| Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. | ||||
| CVE-2023-48725 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-03-11 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-27850 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-28 | 6.8 Medium |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | ||||
| CVE-2023-1205 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-28 | 8.8 High |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | ||||
| CVE-2023-27853 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | 9.8 Critical |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | ||||
| CVE-2023-27851 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | 8.8 High |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. | ||||