Netgear

All CVEs

1,327 total · sorted by risk
  • CVE-2026-0419 · Med · Jun 9, 2026
    risk 0.29 · cvss · epss 0.00

    Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018, and no further…

  • CVE-2026-0418 · Med · Jun 9, 2026
    risk 0.28 · cvss · epss 0.00

    Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.

  • CVE-2026-0417 · Med · Jun 9, 2026
    risk 0.28 · cvss · epss 0.00

    Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.

  • CVE-2026-0416 · Med · Jun 9, 2026
    risk 0.28 · cvss · epss 0.00

    An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of…

  • CVE-2026-0415 · Med · Jun 9, 2026
    risk 0.28 · cvss · epss 0.00

    Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

  • CVE-2026-0414 · Med · Jun 9, 2026
    risk 0.28 · cvss · epss 0.00

    Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

  • CVE-2026-0413 · Med · Jun 9, 2026
    risk 0.28 · cvss · epss 0.00

    A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

  • CVE-2026-0412 · Med · Jun 9, 2026
    risk 0.28 · cvss · epss 0.00

    Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached…

  • CVE-2026-0411 · Med · Jun 9, 2026
    risk 0.27 · cvss · epss 0.00

    An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without…

  • CVE-2017-2137 · Low · Apr 28, 2017
    risk 0.24 · cvss 3.7 · epss 0.01

    ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.

  • CVE-2020-26919 · KEV · Oct 9, 2020
    risk 0.20 · cvss · epss 0.57

    NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.

  • CVE-2026-0410 · Low · Jun 9, 2026
    risk 0.12 · cvss · epss 0.00

    Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.

  • CVE-2013-10061 · Aug 1, 2025
    risk 0.10 · cvss · epss 0.04

    An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling…

  • CVE-2013-10060 · Aug 1, 2025
    risk 0.09 · cvss · epss 0.05

    An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the…

  • CVE-2024-12847 · Jan 10, 2025
    risk 0.09 · cvss · epss 0.29

    NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been…

  • CVE-2023-38098 · May 3, 2024
    risk 0.09 · cvss · epss 0.10

    NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although…

  • CVE-2023-38096 · May 3, 2024
    risk 0.09 · cvss · epss 0.83

    NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to…

  • CVE-2013-2751 · Dec 12, 2013
    risk 0.09 · cvss · epss 0.72

    Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."

  • CVE-2020-10924 · Jul 28, 2020
    risk 0.08 · cvss · epss 0.87

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2020-10923 · Jul 28, 2020
    risk 0.08 · cvss · epss 0.85

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on…

  • CVE-2024-30568 · Apr 3, 2024
    risk 0.07 · cvss · epss 0.47

    Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.

  • CVE-2021-20167 · Dec 30, 2021
    risk 0.07 · cvss · epss 0.08

    Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter.

  • CVE-2021-45511 · Dec 26, 2021
    risk 0.07 · cvss · epss 0.18

    Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27,…

  • CVE-2020-27866 · Feb 11, 2021
    risk 0.07 · cvss · epss 0.09

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required…

  • CVE-2024-5505 · Jun 6, 2024
    risk 0.06 · cvss · epss 0.47

    NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is…

  • CVE-2024-5246 · May 23, 2024
    risk 0.06 · cvss · epss 0.31

    NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this…

  • CVE-2022-29383 · May 13, 2022
    risk 0.06 · cvss · epss 0.49

    NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.

  • CVE-2021-27273 · Mar 29, 2021
    risk 0.06 · cvss · epss 0.65

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2021-27272 · Mar 29, 2021
    risk 0.06 · cvss · epss 0.74

    This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2024-5247 · May 23, 2024
    risk 0.05 · cvss · epss 0.27

    NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is…

  • CVE-2021-20166 · Dec 30, 2021
    risk 0.05 · cvss · epss 0.02

    Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router contains a buffer overrun issue that can redirect control flow of the application.

  • CVE-2021-27276 · Mar 29, 2021
    risk 0.05 · cvss · epss 0.72

    This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The…

  • CVE-2021-27275 · Mar 29, 2021
    risk 0.05 · cvss · epss 0.73

    This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication…

  • CVE-2006-5972 · Nov 18, 2006
    risk 0.05 · cvss · epss 0.19

    Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request.

  • CVE-2024-57046 · Feb 18, 2025
    risk 0.04 · cvss · epss 0.02

    A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass authentication. When "?x=1.gif" is added to the requested URL, the request is recognized as passing authentication.

  • CVE-2021-31802 · Apr 26, 2021
    risk 0.04 · cvss · epss 0.14

    NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a…

  • CVE-2021-27274 · Mar 29, 2021
    risk 0.04 · cvss · epss 0.08

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class.…

  • CVE-2014-4927 · Jul 24, 2014
    risk 0.04 · cvss · epss 0.11

    Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers, allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.

  • CVE-2013-4776 · Dec 19, 2013
    risk 0.04 · cvss · epss 0.07

    NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.

  • CVE-2013-4775 · Dec 19, 2013
    risk 0.04 · cvss · epss 0.15

    NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to…

  • CVE-2009-2258 · Jun 30, 2009
    risk 0.04 · cvss · epss 0.07

    Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter.

  • CVE-2009-2257 · Jun 30, 2009
    risk 0.04 · cvss · epss 0.07

    The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and…

  • CVE-2009-2256 · Jun 30, 2009
    risk 0.04 · cvss · epss 0.07

    The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.

  • CVE-2009-0680 · Feb 22, 2009
    risk 0.04 · cvss · epss 0.08

    cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.

  • CVE-2006-6125 · Nov 27, 2006
    risk 0.04 · cvss · epss 0.14

    Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID.

  • CVE-2006-6059 · Nov 22, 2006
    risk 0.04 · cvss · epss 0.19

    Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with a long supported rates information element. NOTE: this issue was reported as a…

  • CVE-2023-44450 · May 3, 2024
    risk 0.03 · cvss · epss 0.54

    NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is…

  • CVE-2023-48725 · Mar 7, 2024
    risk 0.03 · cvss · epss 0.20

    A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this…

  • CVE-2008-6122 · Feb 11, 2009
    risk 0.03 · cvss · epss 0.03

    The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").

  • CVE-2007-5562 · Oct 18, 2007
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page.
