CVE-2025-29044

Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERYSTRING key value...

The vulnerability of the SetDefaultConnectionService() function in Netgear WNR854T router software allows a hacker to induce a service failure.

The vulnerability of the SetDefaultConnectionService function in Netgear WNR854T router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...

CVE-2024-54804

Netgear WNR854T 1.5.2 North America is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wanhostname and forcing a reboot. This will result in command injection...

CVE-2024-57046

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication...

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

Netgear C7800 Missing Transport Encryption

Netgear C7800 suffers from a man-in-the-middle vulnerability...

CVE-2020-15635

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers with firmware 1.0.4.8410.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which...

The vulnerability in the RMT_invite.cgi script of NETGEAR R7000 Wi-Fi routers allows a hacker to execute arbitrary commands.

The vulnerability in the RMTinvite.cgi script of NETGEAR R7000 Wi-Fi routers lies in the lack of data cleaning at the control level when processing the parameter devicename2. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...

The vulnerability in the `usb_remote_smb_conf.cgi` script of NETGEAR R8500 router software allows a hacker to execute arbitrary commands.

The vulnerability in the usbremotesmbconf.cgi script of NETGEAR R8500 router microprogramming software lies in the lack of measures to neutralize special elements used in the operating system’s command when processing the sharename parameter. Exploiting this vulnerability allows a remote attacker...

The vulnerability in the wireless.cgi script of Netgear XR300 router software allows a hacker to induce a service failure.

The vulnerability in the wireless.cgi script of Netgear XR300 router software lies in the copying of buffers without checking the size of the input data during the processing of the passphrase parameter. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a...

The vulnerability in the ipv6_fix.cgi script of Netgear R8500 router software allows a attacker to trigger a service failure.

The vulnerability in the ipv6fix.cgi microprogram of Netgear R8500 routers stems from the copying of input buffers without checking their sizes during the processing of parameters ipv6wanipaddr, ipv6lanipaddr, ipv6wanlength, and ipv6lanlength. Exploiting this vulnerability allows a malicious acto...

The vulnerability in the geniepppoe.cgi script of Netgear’s router software models R7000P and R6400 v2 allows a hacker to cause a service failure.

The vulnerability in the geniepppoe.cgi microprogramming software for Netgear XR300, R7000P, and R6400 v2 lies in the copying of buffers without checking the size of input data during the processing of the pppoelocalip parameter. Exploiting this vulnerability allows a malicious actor to cause...

The vulnerability in the wlg_adv.cgi script of Netgear router microprogramming devices such as R8500, XR300, R7000P, and R6400 v2 allows a hacker to execute arbitrary commands.

The vulnerability in the wlgadv.cgi script of Netgear router microprogramming devices such as R8500, XR300, R7000P, and R6400 v2 relates to the failure to take data cleaning measures at the control level when processing the apmodegateway parameter. Exploiting this vulnerability allows a remote...

The vulnerability in the bsw_pppoe.cgi script of Netgear’s router software models XR300, R7000P, and R6400 v2 allows a hacker to cause a service failure.

The vulnerability in the bswpppoe.cgi script of Netgear XR300, R7000P, and R6400 v2 routers stems from the copying of buffer data without checking the size of the input data during the processing of the pppoelocalip parameter. Exploiting this vulnerability allows a malicious actor to cause servic...

The vulnerability in the wizpppoe.cgi script of the microprogramming software for Netgear XR300, R7000P, and R6400 v2 allows a hacker to cause a service failure.

The vulnerability in the wizpppoe.cgi microprogramming software of Netgear XR300, R7000P, and R6400 v2 lies in the copying of buffers without checking the size of input data during the processing of the pppoelocalip parameter. Exploiting this vulnerability allows a malicious actor to cause servic...

The vulnerability in the ru_wan_flow.cgi script of the Netgear R7000P router’s microprogramming software allows a hacker to induce a service failure.

The vulnerability in the ruwanflow.cgi microprogramming system of Netgear R7000P routers is related to the copying of buffers without checking the size of input data during the processing of the pptpusernetmask parameter. Exploiting this vulnerability allows a malicious actor to cause service...

CVE-2024-52030

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptpusernetmask parameter at ruwanflow.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-52028

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptpusernetmask parameter at wizpptp.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51013

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%dwla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...