Vendor CVEs
Netgear
All CVEs
1,327 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0419 |  | Med | 0.29 | — | 0.00 |  | Jun 9, 2026 | Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018, and no further… |
| CVE-2026-0418 |  | Med | 0.28 | — | 0.00 |  | Jun 9, 2026 | Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system. |
| CVE-2026-0417 |  | Med | 0.28 | — | 0.00 |  | Jun 9, 2026 | Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity. |
| CVE-2026-0416 |  | Med | 0.28 | — | 0.00 |  | Jun 9, 2026 | An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of… |
| CVE-2026-0415 |  | Med | 0.28 | — | 0.00 |  | Jun 9, 2026 | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
| CVE-2026-0414 |  | Med | 0.28 | — | 0.00 |  | Jun 9, 2026 | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
| CVE-2026-0413 |  | Med | 0.28 | — | 0.00 |  | Jun 9, 2026 | A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
| CVE-2026-0412 |  | Med | 0.28 | — | 0.00 |  | Jun 9, 2026 | Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached… |
| CVE-2026-0411 |  | Med | 0.27 | — | 0.00 |  | Jun 9, 2026 | An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without… |
| CVE-2017-2137 |  | Low | 0.24 | 3.7 | 0.01 |  | Apr 28, 2017 | ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. |
| CVE-2020-26919 |  |  | 0.20 | — | 0.57 | KEV | Oct 9, 2020 | NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. |
| CVE-2026-0410 |  | Low | 0.12 | — | 0.00 |  | Jun 9, 2026 | Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality. |
| CVE-2013-10061 |  |  | 0.10 | — | 0.04 |  | Aug 1, 2025 | An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling… |
| CVE-2013-10060 |  |  | 0.09 | — | 0.05 |  | Aug 1, 2025 | An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the… |
| CVE-2024-12847 |  |  | 0.09 | — | 0.29 |  | Jan 10, 2025 | NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been… |
| CVE-2023-38098 |  |  | 0.09 | — | 0.10 |  | May 3, 2024 | NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although… |
| CVE-2023-38096 |  |  | 0.09 | — | 0.83 |  | May 3, 2024 | NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to… |
| CVE-2013-2751 |  |  | 0.09 | — | 0.72 |  | Dec 12, 2013 | Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." |
| CVE-2020-10924 |  |  | 0.08 | — | 0.87 |  | Jul 28, 2020 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The… |
| CVE-2020-10923 |  |  | 0.08 | — | 0.85 |  | Jul 28, 2020 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on… |
| CVE-2024-30568 |  |  | 0.07 | — | 0.47 |  | Apr 3, 2024 | Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. |
| CVE-2021-20167 |  |  | 0.07 | — | 0.08 |  | Dec 30, 2021 | Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. |
| CVE-2021-45511 |  |  | 0.07 | — | 0.18 |  | Dec 26, 2021 | Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27,… |
| CVE-2020-27866 |  |  | 0.07 | — | 0.09 |  | Feb 11, 2021 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required… |
| CVE-2024-5505 |  |  | 0.06 | — | 0.47 |  | Jun 6, 2024 | NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is… |
| CVE-2024-5246 |  |  | 0.06 | — | 0.31 |  | May 23, 2024 | NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this… |
| CVE-2022-29383 |  |  | 0.06 | — | 0.49 |  | May 13, 2022 | NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. |
| CVE-2021-27273 |  |  | 0.06 | — | 0.65 |  | Mar 29, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The… |
| CVE-2021-27272 |  |  | 0.06 | — | 0.74 |  | Mar 29, 2021 | This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The… |
| CVE-2024-5247 |  |  | 0.05 | — | 0.27 |  | May 23, 2024 | NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is… |
| CVE-2021-20166 |  |  | 0.05 | — | 0.02 |  | Dec 30, 2021 | Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router contains a buffer overrun issue that can redirect control flow of the application. |
| CVE-2021-27276 |  |  | 0.05 | — | 0.72 |  | Mar 29, 2021 | This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The… |
| CVE-2021-27275 |  |  | 0.05 | — | 0.73 |  | Mar 29, 2021 | This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication… |
| CVE-2006-5972 |  |  | 0.05 | — | 0.19 |  | Nov 18, 2006 | Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request. |
| CVE-2024-57046 |  |  | 0.04 | — | 0.02 |  | Feb 18, 2025 | A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the requested url, it will be recognized as passing the authentication. |
| CVE-2021-31802 |  |  | 0.04 | — | 0.14 |  | Apr 26, 2021 | NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a… |
| CVE-2021-27274 |  |  | 0.04 | — | 0.08 |  | Mar 29, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class.… |
| CVE-2014-4927 |  |  | 0.04 | — | 0.11 |  | Jul 24, 2014 | Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. |
| CVE-2013-4776 |  |  | 0.04 | — | 0.07 |  | Dec 19, 2013 | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. |
| CVE-2013-4775 |  |  | 0.04 | — | 0.15 |  | Dec 19, 2013 | NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to… |
| CVE-2009-2258 |  |  | 0.04 | — | 0.07 |  | Jun 30, 2009 | Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. |
| CVE-2009-2257 |  |  | 0.04 | — | 0.07 |  | Jun 30, 2009 | The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and… |
| CVE-2009-2256 |  |  | 0.04 | — | 0.07 |  | Jun 30, 2009 | The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. |
| CVE-2009-0680 |  |  | 0.04 | — | 0.08 |  | Feb 22, 2009 | cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. |
| CVE-2006-6125 |  |  | 0.04 | — | 0.14 |  | Nov 27, 2006 | Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID. |
| CVE-2006-6059 |  |  | 0.04 | — | 0.19 |  | Nov 22, 2006 | Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with a long supported rates information element. NOTE: this issue was reported as a… |
| CVE-2023-44450 |  |  | 0.03 | — | 0.54 |  | May 3, 2024 | NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is… |
| CVE-2023-48725 |  |  | 0.03 | — | 0.20 |  | Mar 7, 2024 | A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this… |
| CVE-2008-6122 |  |  | 0.03 | — | 0.03 |  | Feb 11, 2009 | The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). |
| CVE-2007-5562 |  |  | 0.03 | — | 0.02 |  | Oct 18, 2007 | Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page. |
Page 2 of 27