11879 matches found
The vulnerability in the setup.cgi script of Netgear DGN1000B router software allows a hacker to execute arbitrary commands.
The vulnerability in the setup.cgi script of Netgear DGN1000B router microprogramming software relates to the failure to take measures to neutralize special elements used in the operating system’s command for handling the TimeToLive parameter. Exploiting this vulnerability allows a remote attacke...
The vulnerability of the default_version_is_new() function in Netgear’s JWNR2000v2 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the defaultversionisnew function in Netgear’s JWNR2000v2 router software lies in the copying of buffers without checking the size of the input data when processing the host parameter. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrit...
The vulnerability of the ui_get_input_value() function in Netgear WG302v2 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the uigetinputvalue function in Netgear WG302v2 router microprogramming software is related to the lack of measures taken to clean data at the control level when processing the host parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary command...
The vulnerability of the sub_435E04() function in Netgear JWNR2000v2 software allows a hacker to execute arbitrary commands.
The vulnerability of the sub435E04 function in Netgear JWNR2000v2 microprogrammed software lies in the lack of measures taken to clean data at the control level when processing the host parameter. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
The vulnerability of the sub_4238E8() function in Netgear JWNR2000v2 microprogrammed software allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the sub4238E8 function in Netgear JWNR2000v2 microprogrammed software lies in the copying of buffers without checking the size of the input data when processing the host parameter. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity,...
The vulnerability of the sub_41A914() function in Netgear JWNR2000v2 software allows a hacker to cause a service failure.
The vulnerability of the sub41A914 function in Netgear JWNR2000v2 router microprogramming software is related to the copying of buffers without checking the size of the input data when processing the host parameter. Exploiting this vulnerability can allow an attacker to cause service interruption...
The vulnerability of the get_cur_lang_ver() function in Netgear’s JWNR2000v2 router software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the getcurlangver function in Netgear JWNR2000v2 router microprogramming software is related to the copying of buffers without checking the size of the input data when processing the host parameter. Exploiting this vulnerability can allow an attacker to compromise the...
CVE-2013-10060
An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN2200B model firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoeusername parameter. Thi...
CVE-2013-10061
An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45 via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection...
CVE-2013-10063
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions = 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...
CVE-2013-10063
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions = 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...
CVE-2013-10061
An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45 via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection...
CVE-2013-10060
An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN2200B model firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoeusername parameter. Thi...
CVE-2013-10063 Netgear SPH200D <= 1.0.4.80 Path Traversal via HTTP GET
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions = 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...
CVE-2013-10063 Netgear SPH200D <= 1.0.4.80 Path Traversal via HTTP GET
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions = 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive...
CVE-2013-10063
The Netgear SPH200D embedded web server is vulnerable to path traversal in firmware versions ≤ 1.0.4.80. Authenticated attackers can craft HTTP GET requests to access files outside the web root, exposing sensitive system files and configuration data. Affected: Netgear SPH200D (firmware
CVE-2013-10060
Netgear DGN2200B routers are affected by an authenticated OS command injection flaw in the pppoe.cgi endpoint (pppoe_username input) affecting firmware 1.0.0.36 and earlier. The root cause is insufficient input cleanup in pppoe.cgi, allowing remote code execution with valid credentials and full d...
CVE-2013-10060 Netgear Routers pppoe.cgi RCE
An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN2200B model firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoeusername parameter. Thi...
CVE-2013-10060 Netgear Routers pppoe.cgi RCE
An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN2200B model firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoeusername parameter. Thi...
CVE-2013-10061 Netgear Routers setup.cgi RCE
An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45 via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection...