CVE-2024-1431

A vulnerability was found in Netgear R7000 1.0.11.13610.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed ...

CVE-2024-30569

An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required...

CVE-2024-30572

Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntpserver parameter...

CVE-2024-50996

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpaserver parameter at geniebpa.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-50993

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at adminaccount.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-50999

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-12147

A vulnerability was found in Netgear R6900 1.0.1.261.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgradecheck.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The...

CVE-2024-6646

A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information...

CVE-2024-51001

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-51018

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptpusernetmask parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-51009

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51005

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sharename parameter at usbremotesmbconf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51003

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component apmode.cgi via the apmodedns1pri and apmodedns1sec parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS vi...

CVE-2024-51021

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51000

Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmodean, and opmodean2 parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-51008

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the systemname parameter at wizdyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51004

Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usbdevice.cgi via the cifsuser, readaccess, and writeaccess parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-51015

Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the devicename2 parameter at operationmode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-51019

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoelocalnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...

CVE-2024-51011

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoelocalip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted POST request...