Vendor CVEs
Netgear
All CVEs
1,327 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36792 | | | 0.00 | — | 0.00 | | Jun 7, 2024 | An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin. |
| CVE-2024-36795 | | | 0.00 | — | 0.00 | | Jun 6, 2024 | Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. |
| CVE-2024-5245 | | | 0.00 | — | 0.01 | | May 23, 2024 | NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the… |
| CVE-2022-43654 | | | 0.00 | — | 0.01 | | May 7, 2024 | NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The… |
| CVE-2021-34947 | | | 0.00 | — | 0.01 | | May 7, 2024 | NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability. The… |
| CVE-2023-44445 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. … |
| CVE-2023-41183 | | | 0.00 | — | 0.15 | | May 3, 2024 | NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw… |
| CVE-2023-41182 | | | 0.00 | — | 0.59 | | May 3, 2024 | NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is… |
| CVE-2023-40480 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The… |
| CVE-2023-40479 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The… |
| CVE-2023-40478 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this… |
| CVE-2023-38102 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is… |
| CVE-2023-38101 | | | 0.00 | — | 0.02 | | May 3, 2024 | NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although… |
| CVE-2023-38100 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is… |
| CVE-2023-38099 | | | 0.00 | — | 0.53 | | May 3, 2024 | NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although… |
| CVE-2023-38097 | | | 0.00 | — | 0.02 | | May 3, 2024 | NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although… |
| CVE-2023-35722 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The… |
| CVE-2023-34285 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this… |
| CVE-2023-34284 | | | 0.00 | — | 0.00 | | May 3, 2024 | NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The… |
| CVE-2023-34283 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.… |
| CVE-2023-27370 | | | 0.00 | — | 0.00 | | May 3, 2024 | NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit… |
| CVE-2023-27369 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. … |
| CVE-2023-27368 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this… |
| CVE-2023-27367 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability,… |
| CVE-2023-27361 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this… |
| CVE-2023-27360 | | | 0.00 | — | 0.00 | | May 3, 2024 | NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific… |
| CVE-2023-27358 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The… |
| CVE-2023-27357 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this… |
| CVE-2023-27356 | | | 0.00 | — | 0.01 | | May 3, 2024 | NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the… |
| CVE-2024-4235 | | | 0.00 | — | 0.01 | | Apr 26, 2024 | A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The… |
| CVE-2024-30572 | | | 0.00 | — | 0.01 | | Apr 3, 2024 | Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. |
| CVE-2023-50677 | | | 0.00 | — | 0.00 | | Mar 14, 2024 | An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. |
| CVE-2024-28339 | | | 0.00 | — | 0.00 | | Mar 12, 2024 | An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. |
| CVE-2024-28340 | | | 0.00 | — | 0.01 | | Mar 12, 2024 | An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required. |
| CVE-2024-1431 | | | 0.00 | — | 0.01 | | Feb 11, 2024 | A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit… |
| CVE-2024-1430 | | | 0.00 | — | 0.01 | | Feb 11, 2024 | A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information… |
| CVE-2023-50089 | | | 0.00 | — | 0.04 | | Dec 15, 2023 | A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. |
| CVE-2023-49694 | | | 0.00 | — | 0.01 | | Nov 29, 2023 | A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. |
| CVE-2023-49693 | | | 0.00 | — | 0.01 | | Nov 29, 2023 | NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. |
| CVE-2023-36187 | | | 0.00 | — | 0.01 | | Sep 1, 2023 | Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. |
| CVE-2023-38591 | | | 0.00 | — | 0.01 | | Aug 7, 2023 | Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. |
| CVE-2023-39550 | | | 0.00 | — | 0.01 | | Aug 7, 2023 | Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. |
| CVE-2023-38412 | | | 0.00 | — | 0.01 | | Aug 7, 2023 | Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. |
| CVE-2023-38924 | | | 0.00 | — | 0.01 | | Aug 7, 2023 | Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. |
| CVE-2023-36499 | | | 0.00 | — | 0.01 | | Aug 7, 2023 | Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. |
| CVE-2023-38926 | | | 0.00 | — | 0.01 | | Aug 7, 2023 | Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. |
| CVE-2023-38922 | | | 0.00 | — | 0.01 | | Aug 7, 2023 | Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. |
| CVE-2023-38928 | | | 0.00 | — | 0.01 | | Aug 7, 2023 | Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. |
| CVE-2023-38921 | | | 0.00 | — | 0.01 | | Aug 7, 2023 | Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. |
| CVE-2023-2396 | | | 0.00 | — | 0.01 | | Apr 28, 2023 | A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be… |
Page 6 of 27