Netgear DGND3700 Improper Authentication Vulnerability

The Netgear DGND3700 is a dual-band Gigabit wireless DSL router manufactured by NETGEAR and is primarily used for home and SMB network connections. The Netgear DGND3700 suffers from an improper authentication vulnerability that originates in an unknown portion of Basic Authentication's file...

Netgear DGND3700 Information Disclosure Vulnerability

The Netgear DGND3700 is a modem router from NETGEAR. The Netgear DGND3700 suffers from an information disclosure vulnerability that originates from improper handling of the file /BRStop.html, which can be exploited by an attacker to cause information disclosure...

CVE-2024-52026

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoelocalip parameter at bswpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-52017

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridgewirelessmain.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-52013

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptpuserip parameter at wizpptp.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-52016

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlgadv.cgi via the apmodedns1pri and apmodedns1sec parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS vi...

CVE-2024-52025

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoelocalip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-52030

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptpusernetmask parameter at ruwanflow.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-52021

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at bswfix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-52014

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptpuserip parameter at geniepptp.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-52023

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoelocalip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-52018

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the systemname parameter at geniedyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-1430

A vulnerability has been found in Netgear R7000 1.0.11.13610.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has...

CVE-2024-30571

An information leak in the BRStop.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-30568

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter...

CVE-2024-30570

An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-28339

An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-28340

An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-7153

A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be use...