Filtered by vendor Netgear
Subscriptions
Total
1264 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0850 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2024-11-21 | 2.7 Low |
| A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability. | ||||
| CVE-2023-0849 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2024-11-21 | 4.7 Medium |
| A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152. | ||||
| CVE-2023-0848 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147. | ||||
| CVE-2022-38956 | 1 Netgear | 2 Wpn824ext, Wpn824ext Firmware | 2024-11-21 | 5.3 Medium |
| An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier. | ||||
| CVE-2022-38955 | 1 Netgear | 2 Wpn824ext, Wpn824ext Firmware | 2024-11-21 | 7.5 High |
| An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9. | ||||
| CVE-2022-37235 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-11-21 | 9.8 Critical |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat | ||||
| CVE-2022-37234 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-11-21 | 7.8 High |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. | ||||
| CVE-2022-37232 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2024-11-21 | 9.8 Critical |
| Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy. | ||||
| CVE-2022-36429 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2024-11-21 | 7.2 High |
| A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | ||||
| CVE-2022-31937 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2024-11-21 | 9.8 Critical |
| Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd. | ||||
| CVE-2022-31876 | 1 Netgear | 2 Wnap320, Wnap320 Firmware | 2024-11-21 | 5.3 Medium |
| netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. | ||||
| CVE-2022-30079 | 1 Netgear | 1 R6200 | 2024-11-21 | 8.8 High |
| Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. | ||||
| CVE-2022-30078 | 1 Netgear | 4 R6200, R6200 Firmware, R6300 and 1 more | 2024-11-21 | 8.8 High |
| NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters. | ||||
| CVE-2022-29383 | 1 Netgear | 2 Ssl312, Ssl312 Firmware | 2024-11-21 | 9.8 Critical |
| NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. | ||||
| CVE-2022-27947 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. | ||||
| CVE-2022-27946 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi. | ||||
| CVE-2022-27945 | 1 Netgear | 2 R8500, R8500 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. | ||||
| CVE-2022-24655 | 1 Netgear | 8 Cax80, Cax80 Firmware, Dc112a and 5 more | 2024-11-21 | 7.8 High |
| A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. | ||||
| CVE-2021-46382 | 1 Netgear | 2 Wac120 Ac, Wac120 Ac Firmware | 2024-11-21 | 6.1 Medium |
| Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. | ||||
| CVE-2021-45732 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 8.8 High |
| Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded credential. It does not appear that normal users are intended to be able to manipulate configuration backups due to the fact that they are encrypted/obfuscated. By extracting the configuration using readily available public tools, a user can reconfigure settings not intended to be manipulated, repackage the configuration, and restore a backup causing these settings to be changed. | ||||