VYPR

Vendor CVEs

Netgear

All CVEs

1,327 total · sorted by risk
  • CVE-2024-52025Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-52024Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-50993Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-50994Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to cause a Denial of Service…

  • CVE-2024-50995Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-50996Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-50997Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-50998Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted…

  • CVE-2024-50999Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-51000Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51001Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51002Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51003Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a…

  • CVE-2024-51004Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a…

  • CVE-2024-52023Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-52022Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands…

  • CVE-2024-52021Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-52020Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-52019Nov 5, 2024
    risk 0.00cvss epss 0.02

    Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-52018Nov 5, 2024
    risk 0.00cvss epss 0.02

    Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-52017Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-52016Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a…

  • CVE-2024-52015Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-52014Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-52013Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51022Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51021Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-51020Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51019Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51018Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51017Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51016Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51011Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51012Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51013Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51015Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-51005Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-51006Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51007Nov 5, 2024
    risk 0.00cvss epss 0.00

    Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

  • CVE-2024-51008Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-51009Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

  • CVE-2024-51010Nov 5, 2024
    risk 0.00cvss epss 0.01

    Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands…

  • CVE-2024-35520Oct 14, 2024
    risk 0.00cvss epss 0.09

    Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.

  • CVE-2024-35518Oct 14, 2024
    risk 0.00cvss epss 0.01

    Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.

  • CVE-2024-35519Oct 14, 2024
    risk 0.00cvss epss 0.01

    Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.

  • CVE-2024-35522Oct 11, 2024
    risk 0.00cvss epss 0.02

    Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.

  • CVE-2024-36788Jun 7, 2024
    risk 0.00cvss epss 0.00

    Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.

  • CVE-2024-36790Jun 7, 2024
    risk 0.00cvss epss 0.00

    Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.

  • CVE-2024-36789Jun 7, 2024
    risk 0.00cvss epss 0.00

    An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards.

  • CVE-2024-36787Jun 7, 2024
    risk 0.00cvss epss 0.01

    An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors.

Page 5 of 27