11965 matches found
CVE-2025-28219
Netgear DC112A (firmware v1.0.0.64) is affected by an OS command injection in usb_adv.cgi. The vulnerability allows a remote attacker to trigger arbitrary command execution by sending a crafted value for the deviceName parameter via a POST request. Multiple CVE references (e.g., CVE-2025-28219) a...
CVE-2025-28219
Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usbadv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request...
PT-2025-16979 · NetGear · Netgear R61
Name of the Vulnerable Software and Affected Versions: Netgear R61 version 1.0.1.28 Description: A Buffer Overflow issue allows a remote attacker to execute arbitrary code via the QUERY STRING key value. Recommendations: For version 1.0.1.28, update to a newer version that contains a fix for this...
NETGEAR DGN2200 Privilege Issue Vulnerability
The NETGEAR DGN2200 is a wireless router from NETGEAR. The NETGEAR DGN2200 is vulnerable to a privilege issue. An attacker can exploit the vulnerability by adding "?x=1.gif" to the requested URL to be recognized as authenticated...
PT-2025-10025 · Manageengine · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: Netgear EX6100 version 1.0.2.28 1.1.138 Description: A critical vulnerability exists in the Netgear EX6100, specifically within the sub 415EF8 function. This issue leads to a stack-based buffer overflow, potentially allowing remote attackers ...
A vulnerability in the firmware of the NETGEAR DGND2200 router, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.
The vulnerability in the firmware of the NETGEAR DGND2200 router is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions by appending the string “?x=1.gif” to the URL...
A vulnerability in the web interface of the Netgear C7800 router software allows an attacker to carry out a “man-in-the-middle” attack.
The vulnerability in the web interface of the Netgear C7800 router software lies in deficiencies in the authentication process. Exploiting this vulnerability allows a remote attacker to carry out a “man-in-the-middle” attack...
CVE-2022-41545
The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...
CVE-2024-57046
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass authentication. When "?x=1.gif" is added to the requested URL, the request is recognized as having passed authentication...
NETGEAR DGN2200 Security Vulnerability
The NETGEAR DGN2200 is a wireless router from NETGEAR. The NETGEAR DGN2200 is vulnerable to a privilege issue. An attacker can exploit the vulnerability by adding "?x=1.gif" to the requested URL to be recognized as authenticated...
NETGEAR FVS336G Command Injection Vulnerability
The NETGEAR FVS336G is a VPN (Virtual Private Network) firewall router from NETGEAR. The NETGEAR FVS336G suffers from a command injection vulnerability. The vulnerability stems from the application failing to properly filter special characters, commands, and similar elements when constructing commands. An attacker...
CVE-2024-57046
CVE-2024-57046 — Netgear DGN2200 authentication bypass. The Netgear DGN2200 router (firmware v1.0.0.46 and earlier) is affected. An attacker on the local network can bypass login by appending the URL parameter ?x=1.gif, effectively passing authentication and gaining unauthorized access to admini...
CVE-2022-41545
Netgear C7800 Router (firmware 6.01.07 and possibly others) exposes admin credentials via basic authentication over HTTP, with credentials base64-encoded in the header and no transport security by default. This enables eavesdropping/MITM on authenticated requests over WLAN or LAN. Reported CVSSv3...