VYPR

XR1000v2

by Netgear

CVEs (4)

  • CVE-2025-25246HigFeb 5, 2025
    risk 0.53cvss 8.1epss 0.01

    NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.

  • CVE-2024-35517Oct 11, 2024
    risk 0.01cvss epss 0.14

    Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.

  • CVE-2026-0406Jan 13, 2026
    risk 0.00cvss epss 0.00

    An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

  • CVE-2021-34870Jan 25, 2022
    risk 0.00cvss epss 0.01

    This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP…