11879 matches found
CVE-2013-10061 Netgear Routers setup.cgi RCE
An authenticated OS command injection vulnerability exists in Netgear routers tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45 via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection...
CVE-2013-10061
CVE-2013-10061: Authenticated OS command injection in Netgear DGN1000B routers via TimeToLive parameter in /setup.cgi. Affected firmware versions: 1.1.00.24 and 1.1.00.45. Root cause: improper input neutralization enabling command execution after authentication. Impact: allows remote attackers to...
Netgear SPH200D Security Vulnerability
The Netgear SPH200D is a wireless Internet phone from Netgear USA. The Netgear SPH200D suffers from a directory traversal vulnerability that can be exploited by an attacker to view arbitrary files on the system by sending a crafted URL request...
Netgear DGN2200B Security Vulnerability
The Netgear DGN2200B is a wireless router from Netgear USA. A code execution vulnerability exists in Netgear DGN2200B 1.0.0.36 and earlier versions, which stems from insufficient pppoe.cgi endpoint input cleanup, and can be exploited by an attacker to potentially cause remote code execution...
Netgear DGN1000B Security Vulnerability
The Netgear DGN1000B is a wireless router from the American company Netgear. A code execution vulnerability exists in the Netgear DGN1000B versions 1.1.00.24 and 1.1.00.45, which stems from insufficient cleanup of setup.cgi endpoint inputs, and can be exploited by an attacker to potentially cause...
PT-2025-31697 · NetGear · Netgear Sph200D
Name of the Vulnerable Software and Affected Versions: Netgear SPH200D versions 1.0.4.80 and earlier Description: A path traversal vulnerability exists in the embedded web server of the affected product. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside th...
NETGEAR XR300 Stack Buffer Overflow Vulnerability (CNVD-2025-20497)
The NETGEAR XR300 is the entry-level Nighthawk Pro Gaming series wireless router from NETGEAR. The NETGEAR XR300 suffers from a stack buffer overflow vulnerability that stems from a stack buffer overflow in the HTTPD service when processing a POST request from the usbdevice.cgi endpoint, no detai...
NETGEAR XR300 Stack Buffer Overflow Vulnerability
The NETGEAR XR300 is the entry-level Nighthawk Pro Gaming series wireless router from NETGEAR. The NETGEAR XR300 suffers from a stack buffer overflow vulnerability that stems from a stack buffer overflow in the HTTPD service when processing a POST request from the usbdevice.cgi endpoint, no detai...
NETGEAR XR300 Stack Buffer Overflow Vulnerability (CNVD-2025-20496)
The NETGEAR XR300 is the entry-level Nighthawk Pro Gaming series wireless router from NETGEAR. The NETGEAR XR300 suffers from a stack buffer overflow vulnerability that stems from a stack buffer overflow in the HTTPD service when processing a POST request from the usbdevice.cgi endpoint, no detai...
A vulnerability in NETGEAR RAX30 router firmware, related to improper cleanup or release of resources, allows an intruder to trigger a service failure.
The vulnerability in NETGEAR RAX30 router firmware is related to improper cleanup or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the vif_disable function in the Netgear RAX5 router’s built-in software allows a hacker to execute arbitrary commands.
The vulnerability of the vif_disable function in the Netgear RAX5 router’s built-in software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the apcli_do_enr_pbc_wps function in the Netgear RAX5 router’s built-in software allows a hacker to execute arbitrary commands.
The vulnerability of the apcli_do_enr_pbc_wps function in the Netgear RAX5 router’s built-in software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the sub_503FC function in the Netgear EX6200 Wi-Fi router’s built-in software allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the sub_503FC function in the Netgear EX6200 Wi-Fi router’s built-in software is related to performing operations outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the sub_54014 function in the Netgear EX6200 Wi-Fi router’s built-in software allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the sub_54014 function in the Netgear EX6200 Wi-Fi router’s built-in software is related to performing operations outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
Unspecified Vulnerability in NETGEAR RAX30 (CNVD-2025-16867)
The NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in NETGEAR RAX30 version V1.0.10.943, which can be exploited by an attacker to potentially cause a denial of service attack...
Unspecified vulnerability in Netgear RAX30 (CNVD-2025-16868)
The NETGEAR RAX30 is a dual-band wireless router from NETGEAR. A security vulnerability exists in Netgear RAX30 version V1.0.10.94, which can be exploited by an attacker to potentially cause remote code execution...
CVE-2025-44652
In Netgear RAX30 V1.0.10.943, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected...
CVE-2025-44658
In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them ...
CVE-2025-44650
In Netgear R7000 V1.3.1.6410.1.36 and EAX80 V1.0.1.701.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected...
Netgear D6400 Remote Command Execution Vulnerability
The Netgear D6400 is a wireless modem from NETGEAR. A remote command execution vulnerability exists in the Netgear D6400, which can be exploited by an attacker to execute arbitrary commands on the system...