Netgear

All CVEs

1,327 total · sorted by risk
  • CVE-2020-11768 · Apr 15, 2020
    risk 0.00 · cvss · epss 0.01

    Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26,…

  • CVE-2019-20767 · Apr 15, 2020
    risk 0.00 · cvss · epss 0.01

    Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58,…

  • CVE-2018-11106 · Apr 1, 2020
    risk 0.00 · cvss · epss 0.03

    NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running…

  • CVE-2016-11022 · Mar 23, 2020
    risk 0.00 · cvss · epss 0.03

    NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.

  • CVE-2019-19964 · Mar 23, 2020
    risk 0.00 · cvss · epss 0.01

    On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication.

  • CVE-2019-13393 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this…

  • CVE-2019-13394 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.01

    The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.

  • CVE-2019-13395 · Mar 13, 2020
    risk 0.00 · cvss · epss 0.00

    The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.

  • CVE-2019-20486 · Mar 2, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language.

  • CVE-2019-20488 · Mar 2, 2020
    risk 0.00 · cvss · epss 0.02

    An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost…

  • CVE-2019-20489 · Mar 2, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an…

  • CVE-2019-20487 · Mar 2, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI.

  • CVE-2019-12513 · Feb 24, 2020
    risk 0.00 · cvss · epss 0.01

    In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing…

  • CVE-2019-12512 · Feb 24, 2020
    risk 0.00 · cvss · epss 0.01

    In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative…

  • CVE-2019-12511 · Feb 24, 2020
    risk 0.00 · cvss · epss 0.02

    In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced…

  • CVE-2019-12510 · Feb 24, 2020
    risk 0.00 · cvss · epss 0.01

    In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a…

  • CVE-2014-3919 · Feb 13, 2020
    risk 0.00 · cvss · epss 0.01

    A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embedded malicious script in an unspecified page, which could let a malicious user obtain sensitive information.

  • CVE-2019-17137 · Feb 10, 2020
    risk 0.00 · cvss · epss 0.03

    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2012-6341 · Feb 6, 2020
    risk 0.00 · cvss · epss 0.01

    An Information Disclosure vulnerability exists in the my config file in NETGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than…

  • CVE-2012-6340 · Feb 6, 2020
    risk 0.00 · cvss · epss 0.01

    An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.

  • CVE-2013-3317 · Jan 29, 2020
    risk 0.00 · cvss · epss 0.05

    Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.

  • CVE-2013-3316 · Jan 29, 2020
    risk 0.00 · cvss · epss 0.05

    Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".

  • CVE-2013-3074 · Jan 28, 2020
    risk 0.00 · cvss · epss 0.02

    NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).

  • CVE-2013-3071 · Jan 28, 2020
    risk 0.00 · cvss · epss 0.02

    NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.

  • CVE-2013-3070 · Nov 14, 2019
    risk 0.00 · cvss · epss 0.02

    An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.

  • CVE-2013-3072 · Nov 14, 2019
    risk 0.00 · cvss · epss 0.02

    An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration…

  • CVE-2013-3073 · Nov 14, 2019
    risk 0.00 · cvss · epss 0.04

    A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.

  • CVE-2013-3516 · Nov 13, 2019
    risk 0.00 · cvss · epss 0.01

    NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens.

  • CVE-2013-3517 · Nov 13, 2019
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L.

  • CVE-2013-4657 · Nov 13, 2019
    risk 0.00 · cvss · epss 0.02

    Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.

  • CVE-2016-11014 · Oct 16, 2019
    risk 0.00 · cvss · epss 0.03

    NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

  • CVE-2016-11015 · Oct 16, 2019
    risk 0.00 · cvss · epss 0.01

    NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.

  • CVE-2016-11016 · Oct 16, 2019
    risk 0.00 · cvss · epss 0.02

    NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.

  • CVE-2019-17373 · Oct 9, 2019
    risk 0.00 · cvss · epss 0.02

    Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.

  • CVE-2019-17372 · Oct 9, 2019
    risk 0.00 · cvss · epss 0.02

    Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A,…

  • CVE-2019-17049 · Sep 30, 2019
    risk 0.00 · cvss · epss 0.01

    NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.

  • CVE-2019-5055 · Sep 11, 2019
    risk 0.00 · cvss · epss 0.02

    An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a…

  • CVE-2019-14527 · Aug 14, 2019
    risk 0.00 · cvss · epss 0.03

    An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.

  • CVE-2019-14526 · Aug 14, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web…

  • CVE-2016-10864 · Aug 8, 2019
    risk 0.00 · cvss · epss 0.01

    NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.

  • CVE-2019-14363 · Jul 28, 2019
    risk 0.00 · cvss · epss 0.03

    A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.

  • CVE-2019-5017 · Jun 17, 2019
    risk 0.00 · cvss · epss 0.02

    An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can…

  • CVE-2019-5016 · Jun 17, 2019
    risk 0.00 · cvss · epss 0.04

    An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause…

  • CVE-2019-12591 · Jun 3, 2019
    risk 0.00 · cvss · epss 0.01

    NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.

  • CVE-2014-4864 · Sep 10, 2014
    risk 0.00 · cvss · epss 0.01

    The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file.

  • CVE-2014-2969 · Jul 7, 2014
    risk 0.00 · cvss · epss 0.02

    NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1)…

  • CVE-2013-3069 · Apr 25, 2014
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4)…

  • CVE-2013-2752 · Dec 12, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.

  • CVE-2012-2439 · Apr 28, 2012
    risk 0.00 · cvss · epss 0.02

    The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.

  • CVE-2011-1674 · Apr 10, 2011
    risk 0.00 · cvss · epss 0.03

    The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.
