24 matches found
VulnCheck KEV: CVE-2016-10174
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution...
NETGEAR WNR2000v5 Router Has Weak Password Vulnerability
The NETGEAR WNR2000v5 router is a wireless router device. A weak password vulnerability exists in the NETGEAR WNR2000v5 router, which can be exploited by an attacker to compromise the device, obtain sensitive information, and perform unauthorized operations...
CVE-2021-29069
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR450 before 2.3.2.114, XR500 before 2.3.2.114, and WNR2000v5 before 1.0.0.76...
多款Netgear产品命令注入漏洞
Netgear NETGEAR XR500 and others are products of Netgear, Inc.NETGEAR XR500 is a wireless router.NETGEAR WNR2000v5 is a router.NETGEAR XR450 is a router. A command injection vulnerability exists in multiple NETGEAR models that allows command injection by an authenticated user. The following...
CVE-2018-21188
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.30, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3...
CVE-2018-21179
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, D7800 before 1.0.1.30, R7500 before 1.0.0.122, R7500v2 before 1.0.3.24, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before...
CVE-2018-21155
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before...
CVE-2018-21172
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62...
CVE-2018-21111
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.60, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300 before...
CVE-2019-20725
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before...
NETGEAR N300 WNR2000v5 unauthenticated host access point daemon denial-of-service vulnerability
Summary An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon hostapd on the NETGEAR N300 WNR2000v5 wireless router. A SOAP request sent in an invalid sequence to the service can cause a null pointer dereference, resulting in the hostapd service crashing. An...
VulnCheck KEV: CVE-2016-10176
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server uhttpd and processed accordingly. The web server also contains another URL, applynoauth.cgi,...
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow Exploit
Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlangavi Stack...
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlangavi Stack Overflow', 'Description' = %q The NETGEAR WNR2000 router h...
NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlangavi Stack Overflow', 'Description' = %q The NETGEAR WNR2000 router h...
NETGEAR WNR2000v5 router hidden_lang_avi buffer overflow vulnerability
The NETGEAR WNR2000v5 router is a popular router device. A buffer overflow vulnerability exists in the NETGEAR WNR2000v5 router's handling of hiddenlangavi, which allows remote attackers to exploit the vulnerability to submit a special request, execute arbitrary code, or crash the application...
NETGEAR WNR2000v5 router authentication bypass vulnerability
The NETGEAR WNR2000v5 router is a popular router device. An authentication bypass vulnerability exists in the NETGEAR WNR2000v5 router. An attacker can use this vulnerability to bypass the authentication mechanism and perform unauthorized operations...
NETGEAR WNR2000v5 router information disclosure vulnerability
The NETGEAR WNR2000v5 router is a popular router device. A security vulnerability in the NETGEAR WNR2000v5 router allows remote attackers to exploit the vulnerability by submitting a special /BRSnetgearsuccess.html URI request, which can be used to obtain administrator username and password...
CVE-2016-10175
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRSnetgearsuccess.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers t...
Remote code execution
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server uhttpd and processed accordingly. The web server also contains another URL, applynoauth.cgi, that...