Vulnerabilities (CVE)

Filtered by vendor Netgear Subscribe
Total 1269 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-4765 1 Netgear 1 Dg834gt 2025-04-03 5.0 MEDIUM N/A
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window.
CVE-2006-1003 1 Netgear 1 Wgt624 2025-04-03 5.0 MEDIUM N/A
The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.
CVE-2002-0238 1 Netgear 1 Rt314 2025-04-03 7.5 HIGH N/A
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
CVE-2005-0290 1 Netgear 1 Fvs318 2025-04-03 7.5 HIGH N/A
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
CVE-2006-4143 1 Netgear 1 Fvg318 2025-04-03 7.8 HIGH N/A
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
CVE-2006-1002 1 Netgear 1 Wgt624 2025-04-03 10.0 HIGH N/A
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers.
CVE-2004-2557 1 Netgear 1 Wg602 2025-04-03 5.0 MEDIUM N/A
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
CVE-2004-2556 1 Netgear 1 Wg602 2025-04-03 5.0 MEDIUM N/A
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
CVE-2004-0611 1 Netgear 1 Fvs318 2025-04-03 5.0 MEDIUM N/A
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
CVE-2002-2354 1 Netgear 1 Fm114p 2025-04-03 7.8 HIGH N/A
Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests.
CVE-2022-47052 1 Netgear 2 Ac1200 R6220, Ac1200 R6220 Firmware 2025-04-01 N/A 6.1 MEDIUM
The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.
CVE-2022-48322 1 Netgear 12 Mr60, Mr60 Firmware, Ms60 and 9 more 2025-03-21 N/A 9.8 CRITICAL
NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.
CVE-2024-35518 1 Netgear 2 Ex6120, Ex6120 Firmware 2025-03-19 N/A 8.4 HIGH
Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter.
CVE-2024-35519 1 Netgear 6 Ex3700, Ex3700 Firmware, Ex6100 and 3 more 2025-03-17 N/A 8.4 HIGH
Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.
CVE-2024-35522 1 Netgear 2 Ex3700, Ex3700 Firmware 2025-03-13 N/A 8.4 HIGH
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.
CVE-2024-35517 1 Netgear 2 Xr1000, Xr1000 Firmware 2025-03-13 N/A 8.4 HIGH
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
CVE-2023-48725 1 Netgear 2 Rax30, Rax30 Firmware 2025-03-11 N/A 7.2 HIGH
A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2023-27850 1 Netgear 2 Rax30, Rax30 Firmware 2025-02-28 N/A 6.8 MEDIUM
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.
CVE-2023-1205 1 Netgear 2 Rax30, Rax30 Firmware 2025-02-28 N/A 8.8 HIGH
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.
CVE-2023-27853 1 Netgear 2 Rax30, Rax30 Firmware 2025-02-27 N/A 9.8 CRITICAL
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.