Filtered by vendor Netgear
Total: 1133 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-38928 | 1 Netgear | 2 R7100lg, R7100lg Firmware | 2023-08-09 | 9.8 Critical |
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | ||||
CVE-2023-38925 | 1 Netgear | 6 Dc112a, Dc112a Firmware, Ex6200 and 3 more | 2023-08-09 | 8.8 High |
Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. | ||||
CVE-2023-38926 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2023-08-09 | 8.8 High |
Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. | ||||
CVE-2023-38924 | 1 Netgear | 2 Dgn3500, Dgn3500 Firmware | 2023-08-09 | 6.5 Medium |
Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. | ||||
CVE-2023-38922 | 1 Netgear | 6 Jwnr2000v2, Jwnr2000v2 Firmware, Xavn2001v2 and 3 more | 2023-08-09 | 8.8 High |
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. | ||||
CVE-2023-38921 | 1 Netgear | 4 Wag302v2, Wag302v2 Firmware, Wg302v2 and 1 more | 2023-08-09 | 8.8 High |
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. | ||||
CVE-2023-38591 | 1 Netgear | 2 Dg834gv5, Dg834gv5 Firmware | 2023-08-09 | 8.8 High |
Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. | ||||
CVE-2023-38412 | 1 Netgear | 2 R6900p, R6900p Firmware | 2023-08-09 | 8.8 High |
Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. | ||||
CVE-2023-36499 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2023-08-09 | 8.8 High |
Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. | ||||
CVE-2021-40866 | 1 Netgear | 40 Gc108p, Gc108p Firmware, Gc108pp and 37 more | 2023-08-08 | 8.8 High |
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. | ||||
CVE-2021-40867 | 1 Netgear | 40 Gc108p, Gc108p Firmware, Gc108pp and 37 more | 2023-08-08 | 7.1 High |
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin's machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2. | ||||
CVE-2021-45494 | 1 Netgear | 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more | 2023-08-08 | 4.5 Medium |
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. | ||||
CVE-2022-47209 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-08-08 | 8.8 High |
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. | ||||
CVE-2021-45512 | 1 Netgear | 42 D7000, D7000 Firmware, D8500 and 39 more | 2023-08-08 | 9.8 Critical |
Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50. | ||||
CVE-2022-42221 | 1 Netgear | 2 R6220, R6220 Firmware | 2023-08-08 | 8.8 High |
Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. | ||||
CVE-2022-31876 | 1 Netgear | 2 Wnap320, Wnap320 Firmware | 2023-08-08 | 5.3 Medium |
Netgear WNAP320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies. | ||||
CVE-2022-47052 | 1 Netgear | 2 Ac1200 R6220, Ac1200 R6220 Firmware | 2023-08-08 | 6.1 Medium |
The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1. | ||||
CVE-2022-47208 | 1 Netgear | 12 Nighthawk Ax11000, Nighthawk Ax11000 Firmware, Nighthawk Ax1800 and 9 more | 2023-08-08 | 8.8 High |
The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. | ||||
CVE-2022-47210 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-08-08 | 7.8 High |
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. | ||||
CVE-2023-34563 | 1 Netgear | 2 R6250, R6250 Firmware | 2023-06-28 | 9.8 Critical |
Netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. |