CVE-2025-52082

CVE-2025-52082 affects NETGEAR XR300 (V1.0.3.38_10.3.30). The vulnerability is a stack-based buffer overflow in the HTTPD service triggered by POST requests to the usb_device.cgi endpoint when the read_access parameter is processed. Impact is described as potential low/low escalation with network...

PT-2025-29576 · NetGear · Netgear Xr300

Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.38 10.3.30 Description: A stack-based buffer overflow exists in the HTTPD service through the usb device.cgi endpoint when processing POST requests containing the usb folder parameter. Recommendations: Update to a...

CVE-2025-52081

CVE-2025-52081 affects Netgear XR300 routers (V1.0.3.38_10.3.30). It is a stack-based buffer overflow in the HTTPD service triggered by POST requests to the usb_device.cgi endpoint when the usb_folder parameter is processed. The vulnerability stems from improper handling in this endpoint, enablin...

PT-2025-29578 · NetGear · Netgear Xr300

Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.38 10.3.30 Description: A stack-based buffer overflow exists in the HTTPD service through the usb device.cgi endpoint when processing POST requests containing the share name parameter. Recommendations: Apply update...

PT-2025-29577 · NetGear · Netgear Xr300

Name of the Vulnerable Software and Affected Versions: Netgear XR300 version 1.0.3.38 10.3.30 Description: A stack-based buffer overflow exists in the HTTPD service through the usb device.cgi endpoint. The issue occurs when processing POST requests containing the read access parameter...

CVE-2025-52082

In Netgear XR300 V1.0.3.3810.3.30, a stack-based buffer overflow exists in the HTTPD service through the usbdevice.cgi endpoint. The vulnerability occurs when processing POST requests containing the readaccess parameter...

CVE-2025-52081

In Netgear XR300 V1.0.3.3810.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usbdevice.cgi endpoint. The vulnerability occurs when processing POST requests containing the usbfolder parameter...

CVE-2025-52080

In Netgear XR300 V1.0.3.3810.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usbdevice.cgi endpoint. The vulnerability occurs when processing POST requests containing the sharename parameter...

CVE-2025-52082

In Netgear XR300 V1.0.3.3810.3.30, a stack-based buffer overflow exists in the HTTPD service through the usbdevice.cgi endpoint. The vulnerability occurs when processing POST requests containing the readaccess parameter...

CVE-2025-52081

In Netgear XR300 V1.0.3.3810.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usbdevice.cgi endpoint. The vulnerability occurs when processing POST requests containing the usbfolder parameter...

CVE-2022-28561

There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21cn router. An attacker can obtain a stable shell through a carefully constructed payload...

CVE-2022-46080

Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET...

CVE-2022-24973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

CVE-2022-36233

Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, formfastsettingwifiset. httpd...

CVE-2022-27642

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect...

CVE-2022-47853

TOTOlink A7100RU V7.4cu.2313B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload...

CVE-2018-20335

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. An unauthenticated user can trigger a DoS of the httpd service via the /APPInstallation.asp?= URI...

RHEL 6 / 7 : php54-php (RHSA-2015:1219)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1219 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart...

CVE-2022-43636

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6211111 3.20.1US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...

CVE-2021-34982

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The...