CVE-2019-12510

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API "/soap/serversa" by supplying a malicious X-Forwarded-For header of the device's LAN IP address 192.168.1.1 in every request. As a result, an attacker may...

CVE-2019-12511

In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled...

CVE-2022-27644

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files...

CVE-2019-12591

NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection...

CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloudcontrol.cgi. The issue results from the lack of authenticatio...

CVE-2022-27643

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the...

CVE-2022-27641

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of...

CVE-2025-50526

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switchstatus function...

CVE-2025-45493

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the actionbandwidth function...

CVE-2025-45493

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the actionbandwidth function...

CVE-2025-45493

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the actionbandwidth function...

CVE-2025-50526

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switchstatus function...

CVE-2025-50526

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switchstatus function...

CVE-2025-45493

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the actionbandwidth function...

CVE-2025-50526

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switchstatus function...

PT-2025-52767

Name of the Vulnerable Software and Affected Versions Netgear EX8000 version 1.0.0.126 Description The Netgear EX8000 version 1.0.0.126 contains a command injection issue. This occurs through the switch status function. The vulnerability allows for potential unauthorized command execution...

NETGEAR EX8000 安全漏洞

NETGEAR EX8000 is a wireless network signal extender from NETGEAR. A security vulnerability exists in NETGEAR EX8000 version V1.0.0.126, which originates from a command injection in the switchstatus function...

CVE-2025-45493

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the actionbandwidth function...

CVE-2025-50526

Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switchstatus function...

CVE-2025-50526

Netgear EX8000, v1.0.0.126, is affected by a command-injection vulnerability in the switch_status function. The CVE entry (CVE-2025-50526) indicates a high-severity impact (CVSS v3.1: 9.8, Confidentiality/Integrity/Availability all High) with network-exposed, no user interaction required. Affecte...