Filtered by vendor Netgear
Subscriptions
Total
1263 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5649 | 1 Netgear | 4 Dgn2200, Dgn2200 Firmware, Dgnd3700 and 1 more | 2024-11-21 | N/A |
| A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface. | ||||
| CVE-2016-5638 | 1 Netgear | 2 Wndr4500, Wndr4500 Firmware | 2024-11-21 | N/A |
| There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. Genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access genie_ping.htm or genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page will be redirected to the aCongratulations2.htma page, which reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text. | ||||
| CVE-2016-11060 | 1 Netgear | 8 Fvs318g, Fvs318g Firmware, Fvs318n and 5 more | 2024-11-21 | 7.5 High |
| Certain NETGEAR devices are affected by insecure renegotiation. This affects SRX5308 before 2017-02-10, FVS336Gv3 before 2017-02-10, FVS318N before 2017-02-10, and FVS318Gv2 before 2017-02-10. | ||||
| CVE-2016-11059 | 1 Netgear | 86 Ac1450, Ac1450 Firmware, C6300 and 83 more | 2024-11-21 | 7.5 High |
| Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before 2017-01-06, DGND3700v1 before 2017-01-06, DGND3700v2 before 2017-01-06, DGND3700Bv2 before 2017-01-06, JNR1010v1 before 2017-01-06, JNR1010v2 before 2017-01-06, JNR3300 before 2017-01-06, JR6100 before 2017-01-06, JR6150 before 2017-01-06, JWNR2000v5 before 2017-01-06, R2000 before 2017-01-06, R6050 before 2017-01-06, R6100 before 2017-01-06, R6200 before 2017-01-06, R6200v2 before 2017-01-06, R6220 before 2017-01-06, R6250 before 2017-01-06, R6300 before 2017-01-06, R6300v2 before 2017-01-06, R6700 before 2017-01-06, R7000 before 2017-01-06, R7900 before 2017-01-06, R7500 before 2017-01-06, R8000 before 2017-01-06, WGR614v10 before 2017-01-06, WNR1000v2 before 2017-01-06, WNR1000v3 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2000v3 before 2017-01-06, WNR2000v4 before 2017-01-06, WNR2000v5 before 2017-01-06, WNR2200 before 2017-01-06, WNR2500 before 2017-01-06, WNR3500Lv2 before 2017-01-06, WNDR3400v2 before 2017-01-06, WNDR3400v3 before 2017-01-06, WNDR3700v3 before 2017-01-06, WNDR3700v4 before 2017-01-06, WNDR3700v5 before 2017-01-06, WNDR4300 before 2017-01-06, WNDR4300v2 before 2017-01-06, WNDR4500v1 before 2017-01-06, WNDR4500v2 before 2017-01-06, and WNDR4500v3 before 2017-01-06. | ||||
| CVE-2016-11058 | 1 Netgear | 1 Genie | 2024-11-21 | 7.5 High |
| The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs. | ||||
| CVE-2016-11057 | 1 Netgear | 18 Jnr1010, Jnr1010 Firmware, Jwnr2000 and 15 more | 2024-11-21 | 7.5 High |
| Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06. | ||||
| CVE-2016-11056 | 1 Netgear | 1 Readynas Surveillance | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier. | ||||
| CVE-2016-11055 | 1 Netgear | 26 Cm400, Cm400 Firmware, Cm600 and 23 more | 2024-11-21 | 4.3 Medium |
| Certain NETGEAR devices are affected by CSRF. This affects CM400 before 2017-01-11, CM600 before 2017-01-11, D1500 before 2017-01-11, D500 before 2017-01-11, DST6501 before 2017-01-11, JNR1010v1 before 2017-01-11, JWNR2000Tv3 before 2017-01-11, JWNR2010v3 before 2017-01-11, PLW1000 before 2017-01-11, PLW1010 before 2017-01-11, WNR500 before 2017-01-11, WNR612v3 before 2017-01-11, N450 before 2017-01-11, and CG3000Dv2 before 2017-01-11. | ||||
| CVE-2016-11054 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2024-11-21 | 7.2 High |
| NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory. | ||||
| CVE-2016-11022 | 1 Netgear | 6 Prosafe Wc7520, Prosafe Wc7520 Firmware, Prosafe Wc7600 and 3 more | 2024-11-21 | 7.2 High |
| NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. | ||||
| CVE-2016-11016 | 1 Netgear | 2 Jnr1010, Jnr1010 Firmware | 2024-11-21 | 6.1 Medium |
| NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. | ||||
| CVE-2016-11015 | 1 Netgear | 2 Jnr1010, Jnr1010 Firmware | 2024-11-21 | 6.5 Medium |
| NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter. | ||||
| CVE-2016-11014 | 1 Netgear | 2 Jnr1010, Jnr1010 Firmware | 2024-11-21 | 9.8 Critical |
| NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | ||||
| CVE-2016-10864 | 1 Netgear | 2 Ex7000, Ex7000 Firmware | 2024-11-21 | N/A |
| NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. | ||||
| CVE-2014-3919 | 1 Netgear | 2 Cg3100, Cg3100 Firmware | 2024-11-21 | 9.3 Critical |
| A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | ||||
| CVE-2013-4657 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2024-11-21 | 9.8 Critical |
| Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | ||||
| CVE-2013-3517 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | ||||
| CVE-2013-3516 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2024-11-21 | 6.5 Medium |
| NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens. | ||||
| CVE-2013-3317 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 9.8 Critical |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | ||||
| CVE-2013-3316 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 9.8 Critical |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". | ||||