Vendor CVEs
Netgear
All CVEs
1,327 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-1673 | 0.00 | — | 0.02 | Apr 10, 2011 | BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file. | |||
| CVE-2009-0052 | 0.00 | — | 0.01 | Nov 12, 2009 | The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and… | |||
| CVE-2008-1197 | 0.00 | — | 0.02 | Sep 5, 2008 | The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device… | |||
| CVE-2008-1144 | 0.00 | — | 0.02 | Sep 5, 2008 | The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute… | |||
| CVE-2007-4361 | 0.00 | — | 0.03 | Aug 15, 2007 | NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. | |||
| CVE-2006-4765 | 0.00 | — | 0.01 | Sep 13, 2006 | NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window. | |||
| CVE-2006-4143 | 0.00 | — | 0.02 | Aug 15, 2006 | Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums. | |||
| CVE-2006-1068 | 0.00 | — | 0.02 | Mar 7, 2006 | Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as… | |||
| CVE-2006-1003 | 0.00 | — | 0.02 | Mar 6, 2006 | The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges. | |||
| CVE-2006-1002 | 0.00 | — | 0.03 | Mar 6, 2006 | NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers. | |||
| CVE-2005-4220 | 0.00 | — | 0.02 | Dec 14, 2005 | Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as… | |||
| CVE-2005-0328 | 0.00 | — | 0.01 | May 2, 2005 | Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP… | |||
| CVE-2005-0291 | 0.00 | — | 0.01 | Jan 17, 2005 | Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. | |||
| CVE-2005-0290 | 0.00 | — | 0.02 | Jan 17, 2005 | NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. | |||
| CVE-2004-2557 | 0.00 | — | 0.03 | Dec 31, 2004 | NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. | |||
| CVE-2004-2556 | 0.00 | — | 0.03 | Dec 31, 2004 | NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | |||
| CVE-2004-0611 | 0.00 | — | 0.02 | Dec 6, 2004 | Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections. | |||
| CVE-2002-1892 | 0.00 | — | 0.01 | Dec 31, 2002 | NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information. | |||
| CVE-2002-2020 | 0.00 | — | 0.02 | Dec 31, 2002 | Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed. | |||
| CVE-2002-2354 | 0.00 | — | 0.02 | Dec 31, 2002 | Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. | |||
| CVE-2002-2116 | 0.00 | — | 0.02 | Dec 31, 2002 | Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. | |||
| CVE-2002-1877 | 0.00 | — | 0.02 | Dec 31, 2002 | NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. | |||
| CVE-2002-2355 | 0.00 | — | 0.01 | Dec 31, 2002 | Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. | |||
| CVE-2002-0238 | 0.00 | — | 0.02 | May 29, 2002 | Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. | |||
| CVE-2002-0127 | 0.00 | — | 0.01 | Mar 25, 2002 | Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port. | |||
| CVE-2001-0888 | 0.00 | — | 0.02 | Dec 21, 2001 | Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests. | |||
| CVE-2001-0514 | 0.00 | — | 0.02 | Jul 21, 2001 | SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of… |
- CVE-2011-1673Apr 10, 2011risk 0.00cvss —epss 0.02
BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file.
- CVE-2009-0052Nov 12, 2009risk 0.00cvss —epss 0.01
The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and…
- CVE-2008-1197Sep 5, 2008risk 0.00cvss —epss 0.02
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device…
- CVE-2008-1144Sep 5, 2008risk 0.00cvss —epss 0.02
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute…
- CVE-2007-4361Aug 15, 2007risk 0.00cvss —epss 0.03
NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.
- CVE-2006-4765Sep 13, 2006risk 0.00cvss —epss 0.01
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window.
- CVE-2006-4143Aug 15, 2006risk 0.00cvss —epss 0.02
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
- CVE-2006-1068Mar 7, 2006risk 0.00cvss —epss 0.02
Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as…
- CVE-2006-1003Mar 6, 2006risk 0.00cvss —epss 0.02
The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.
- CVE-2006-1002Mar 6, 2006risk 0.00cvss —epss 0.03
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers.
- CVE-2005-4220Dec 14, 2005risk 0.00cvss —epss 0.02
Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as…
- CVE-2005-0328May 2, 2005risk 0.00cvss —epss 0.01
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP…
- CVE-2005-0291Jan 17, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.
- CVE-2005-0290Jan 17, 2005risk 0.00cvss —epss 0.02
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
- CVE-2004-2557Dec 31, 2004risk 0.00cvss —epss 0.03
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
- CVE-2004-2556Dec 31, 2004risk 0.00cvss —epss 0.03
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
- CVE-2004-0611Dec 6, 2004risk 0.00cvss —epss 0.02
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
- CVE-2002-1892Dec 31, 2002risk 0.00cvss —epss 0.01
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
- CVE-2002-2020Dec 31, 2002risk 0.00cvss —epss 0.02
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
- CVE-2002-2354Dec 31, 2002risk 0.00cvss —epss 0.02
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.
- CVE-2002-2116Dec 31, 2002risk 0.00cvss —epss 0.02
Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap.
- CVE-2002-1877Dec 31, 2002risk 0.00cvss —epss 0.02
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.
- CVE-2002-2355Dec 31, 2002risk 0.00cvss —epss 0.01
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
- CVE-2002-0238May 29, 2002risk 0.00cvss —epss 0.02
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
- CVE-2002-0127Mar 25, 2002risk 0.00cvss —epss 0.01
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port.
- CVE-2001-0888Dec 21, 2001risk 0.00cvss —epss 0.02
Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.
- CVE-2001-0514Jul 21, 2001risk 0.00cvss —epss 0.02
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of…
Page 27 of 27