XR1000v2
by Netgear
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-25246 | Hig | 0.53 | 8.1 | 0.01 | Feb 5, 2025 | NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. | ||
| CVE-2024-35517 | 0.01 | — | 0.14 | Oct 11, 2024 | Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. | |||
| CVE-2026-0406 | 0.00 | — | 0.00 | Jan 13, 2026 | An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections. | |||
| CVE-2021-34870 | 0.00 | — | 0.01 | Jan 25, 2022 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP… |
- risk 0.53cvss 8.1epss 0.01
NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users.
- CVE-2024-35517Oct 11, 2024risk 0.01cvss —epss 0.14
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
- CVE-2026-0406Jan 13, 2026risk 0.00cvss —epss 0.00
An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.
- CVE-2021-34870Jan 25, 2022risk 0.00cvss —epss 0.01
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP…