VYPR

Vendor CVEs

Netgear

All CVEs

1,327 total · sorted by risk
  • CVE-2024-36792Jun 7, 2024
    risk 0.00cvss epss 0.00

    An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin.

  • CVE-2024-36795Jun 6, 2024
    risk 0.00cvss epss 0.00

    Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors.

  • CVE-2024-5245May 23, 2024
    risk 0.00cvss epss 0.01

    NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the…

  • CVE-2022-43654May 7, 2024
    risk 0.00cvss epss 0.01

    NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The…

  • CVE-2021-34947May 7, 2024
    risk 0.00cvss epss 0.01

    NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-44445May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. …

  • CVE-2023-41183May 3, 2024
    risk 0.00cvss epss 0.15

    NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2023-41182May 3, 2024
    risk 0.00cvss epss 0.59

    NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is…

  • CVE-2023-40480May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-40479May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-40478May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this…

  • CVE-2023-38102May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is…

  • CVE-2023-38101May 3, 2024
    risk 0.00cvss epss 0.02

    NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although…

  • CVE-2023-38100May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is…

  • CVE-2023-38099May 3, 2024
    risk 0.00cvss epss 0.53

    NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although…

  • CVE-2023-38097May 3, 2024
    risk 0.00cvss epss 0.02

    NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although…

  • CVE-2023-35722May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-34285May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this…

  • CVE-2023-34284May 3, 2024
    risk 0.00cvss epss 0.00

    NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-34283May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.…

  • CVE-2023-27370May 3, 2024
    risk 0.00cvss epss 0.00

    NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit…

  • CVE-2023-27369May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. …

  • CVE-2023-27368May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this…

  • CVE-2023-27367May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability,…

  • CVE-2023-27361May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this…

  • CVE-2023-27360May 3, 2024
    risk 0.00cvss epss 0.00

    NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2023-27358May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The…

  • CVE-2023-27357May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this…

  • CVE-2023-27356May 3, 2024
    risk 0.00cvss epss 0.01

    NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the…

  • CVE-2024-4235Apr 26, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The…

  • CVE-2024-30572Apr 3, 2024
    risk 0.00cvss epss 0.01

    Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.

  • CVE-2023-50677Mar 14, 2024
    risk 0.00cvss epss 0.00

    An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component.

  • CVE-2024-28339Mar 12, 2024
    risk 0.00cvss epss 0.00

    An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

  • CVE-2024-28340Mar 12, 2024
    risk 0.00cvss epss 0.01

    An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.

  • CVE-2024-1431Feb 11, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit…

  • CVE-2024-1430Feb 11, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information…

  • CVE-2023-50089Dec 15, 2023
    risk 0.00cvss epss 0.04

    A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.

  • CVE-2023-49694Nov 29, 2023
    risk 0.00cvss epss 0.01

    A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.

  • CVE-2023-49693Nov 29, 2023
    risk 0.00cvss epss 0.01

    NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.

  • CVE-2023-36187Sep 1, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.

  • CVE-2023-38591Aug 7, 2023
    risk 0.00cvss epss 0.01

    Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi.

  • CVE-2023-39550Aug 7, 2023
    risk 0.00cvss epss 0.01

    Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.

  • CVE-2023-38412Aug 7, 2023
    risk 0.00cvss epss 0.01

    Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.

  • CVE-2023-38924Aug 7, 2023
    risk 0.00cvss epss 0.01

    Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.

  • CVE-2023-36499Aug 7, 2023
    risk 0.00cvss epss 0.01

    Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.

  • CVE-2023-38926Aug 7, 2023
    risk 0.00cvss epss 0.01

    Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.

  • CVE-2023-38922Aug 7, 2023
    risk 0.00cvss epss 0.01

    Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

  • CVE-2023-38928Aug 7, 2023
    risk 0.00cvss epss 0.01

    Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.

  • CVE-2023-38921Aug 7, 2023
    risk 0.00cvss epss 0.01

    Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.

  • CVE-2023-2396Apr 28, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be…

Page 6 of 27