CVE-2023-38928

Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usbremoteinvite.cgi...

CVE-2023-38921

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgradehandler function via the firmwareRestore and firmwareServerip parameters...

CVE-2023-38922

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the httppasswd and httpusername parameters in the updateauth function...

CVE-2023-38412

Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wlassid and wlgssid parameters at iaapsetting.cgi...

CVE-2023-36499

Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wlassid and wlgssid parameters at genieapwifichange.cgi...

CVE-2023-34563

netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication...

CVE-2023-28338

Any request send to a Netgear Nighthawk Wifi6 Router RAX30's web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting ...

CVE-2023-28337

When uploading a firmware image to a Netgear Nighthawk Wifi6 Router RAX30, a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the...

CVE-2023-27851

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device...

CVE-2023-27852

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device...

CVE-2023-27850

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device...

CVE-2023-27853

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device...

CVE-2023-38591

Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wlassid and wlatempssid parameters at bswssid.cgi...

CVE-2023-2396

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The...

CVE-2023-2395

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVE-2023-2392

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=timezone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site...

CVE-2023-2385

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ikepolicies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName...

CVE-2023-2386

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewalllogsemail.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site...

CVE-2023-2380

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is...

CVE-2023-2382

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewalllogsemail.htm of the component Web Management Interface. The manipulation of the argument...