Vulnerabilities (CVE)

Filtered by vendor Netgear Subscribe
Total 1117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0849 1 Netgear 2 Wndr3700, Wndr3700 Firmware 2024-05-17 5.8 MEDIUM 9.8 CRITICAL
A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.
CVE-2023-0848 1 Netgear 2 Wndr3700, Wndr3700 Firmware 2024-05-17 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147.
CVE-2020-12695 21 Asus, Broadcom, Canon and 18 more 217 Rt-n11, Adsl, Selphy Cp1200 and 214 more 2024-04-08 7.8 HIGH 7.5 HIGH
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
CVE-2022-30078 1 Netgear 4 R6200, R6200 Firmware, R6300 and 1 more 2024-02-14 N/A 8.8 HIGH
NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.
CVE-2018-18471 4 Axentra, Medion, Netgear and 1 more 4 Hipserv, Lifecloud, Stora and 1 more 2024-02-14 10.0 HIGH 9.8 CRITICAL
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device.
CVE-2022-30079 1 Netgear 1 R6200 2024-02-14 N/A 8.8 HIGH
Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter.
CVE-2023-50089 1 Netgear 2 Wnr2000, Wnr2000 Firmware 2024-02-05 N/A 9.8 CRITICAL
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
CVE-2023-49694 1 Netgear 1 Prosafe Network Management System 2024-02-05 N/A 7.8 HIGH
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
CVE-2023-49007 1 Netgear 2 Rbr750, Rbr750 Firmware 2024-02-05 N/A 9.8 CRITICAL
In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.
CVE-2023-49693 1 Netgear 1 Prosafe Network Management System 2024-02-05 N/A 9.8 CRITICAL
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
CVE-2023-38924 1 Netgear 2 Dgn3500, Dgn3500 Firmware 2024-02-05 N/A 6.5 MEDIUM
Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.
CVE-2023-38925 1 Netgear 6 Dc112a, Dc112a Firmware, Ex6200 and 3 more 2024-02-05 N/A 8.8 HIGH
Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.
CVE-2023-38921 1 Netgear 4 Wag302v2, Wag302v2 Firmware, Wg302v2 and 1 more 2024-02-05 N/A 8.8 HIGH
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.
CVE-2023-36499 1 Netgear 2 Xr300, Xr300 Firmware 2024-02-05 N/A 8.8 HIGH
Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.
CVE-2023-39550 1 Netgear 6 Jwnr2000v2, Jwnr2000v2 Firmware, Xavn2001v2 and 3 more 2024-02-05 N/A 8.8 HIGH
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.
CVE-2023-38922 1 Netgear 6 Jwnr2000v2, Jwnr2000v2 Firmware, Xavn2001v2 and 3 more 2024-02-05 N/A 8.8 HIGH
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.
CVE-2023-38412 1 Netgear 2 R6900p, R6900p Firmware 2024-02-05 N/A 8.8 HIGH
Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.
CVE-2023-38926 1 Netgear 2 Ex6200, Ex6200 Firmware 2024-02-05 N/A 8.8 HIGH
Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.
CVE-2023-38591 1 Netgear 2 Dg834gv5, Dg834gv5 Firmware 2024-02-05 N/A 8.8 HIGH
Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi.
CVE-2023-38928 1 Netgear 2 R7100lg, R7100lg Firmware 2024-02-05 N/A 9.8 CRITICAL
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.