CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11449 matches found

Netgear DGN2200 - Improper Authentication

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the requested url, it will be recognized as passing the authentication. id: CVE-2024-57046 info: name: Netgear DGN2200...

8.8CVSS6AI score0.5027EPSS

Exploits1References3

Nuclei•added 16 hours ago•52 views

NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure

NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSWcxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. id:...

9.8CVSS7.3AI score0.59245EPSS

Exploits6References5

Nuclei•added 16 hours ago•52 views

NETGEAR ProSafe SSL VPN firmware - SQL Injection

NETGEAR ProSafe SSL VPN multiple firmware versions were discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. id: CVE-2022-29383 info: name: NETGEAR ProSafe SSL VPN firmware - SQL Injection author: elitebaz severity: critical description: |...

9.8CVSS7.4AI score0.75246EPSS

Exploits1References5

Nuclei•added 16 hours ago•28 views

NETGEAR - Authentication Bypass

NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations. id:...

8.8CVSS7.3AI score0.9036EPSS

Exploits0References5

Nuclei•added 16 hours ago•12 views

Netgear R6850 - Information Disclosure

Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the debuginfo.htm page. This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as product model name, WAN connection type, and...

5.3CVSS5.8AI score0.13242EPSS

Exploits1References2

Nuclei•added 16 hours ago•24 views

NETGEAR Routers - Authentication Bypass

NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server. id: CVE-2017-5521 info: name: NETGEAR Routers - Authentication Bypass...

8.1CVSS7.4AI score0.93804EPSS

Exploits7References5

Nuclei•added 16 hours ago•21 views

Netgear R6850 - Information Disclosure

Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the currentsetting.htm page.This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as firmware version, model details,...

7.5CVSS5.8AI score0.28583EPSS

Exploits1References3

Nuclei•added yesterday•113 views

NUUO NVR camera `debugging_center_utils_.php` - Command Execution

debuggingcenterutils.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. id: CVE-2016-5674 info: name: NUUO NVR camera debuggingcenterutils.p...

10CVSS7.8AI score0.89376EPSS

Exploits11References2

Nuclei•added yesterday•60 views

Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun

Netgear RAX43 version 1.0.3.96 contains a command injection and authentication bypass vulnerability. The readycloudcontrol.cgi CGI application is vulnerable to command injection in the name parameter. Additionally, the URL parsing functionality in the cgi-bin endpoint of the router containers a...

8.8CVSS7.4AI score0.84613EPSS

Exploits0References5

Nuclei•added yesterday•29 views

Netgear R6850 V1.1.0.88 - Command Injection

Netgear R6850 router firmware version V1.1.0.88 suffers from a command injection vulnerability in the pingtest functionality. An unauthenticated attacker can inject arbitrary system commands through the c4IPAddr parameter, resulting in remote code execution as root. id: CVE-2024-30568 info: name:...

9.8CVSS6.5AI score0.89661EPSS

Exploits1References3

Nuclei•added 2 days ago•28 views

NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution

NETGEAR ProSAFE Plus before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has ...

9.8CVSS7.9AI score0.93795EPSS

Exploits0References5

Nuclei•added 2 days ago•33 views

NETGEAR Routers - Remote Code Execution

NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow...

9.3CVSS7.6AI score0.94257EPSS

Exploits9References5

Nuclei•added 2026/05/27 3:54 a.m.•41 views

Netgear-WN604 downloadFile.php - Information Disclosure

There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...

6.9CVSS6AI score0.90952EPSS

Exploits0References5

Nuclei•added 2026/04/28 1:48 p.m.•30 views

NETGEAR WNAP320 Access Point Firmware - Remote Command Injection

NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2016-1555 info: name: NETGEAR WNAP320 Access Point Firmware - Remote Command Injection author: gy741 severity: critical...

10CVSS8.6AI score0.94332EPSS

Exploits5References5

VulnCheck KEV•added 2026/04/12 12:0 a.m.•4 views

VulnCheck KEV: CVE-2024-57046

A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication...

8.8CVSS5.8AI score0.5027EPSS

In wildExploits1References20

Packet Storm•added 2026/03/10 12:0 a.m.•114 views

📄 Router Fingerprint / Command Injection Scanner

This Python tool is designed to automatically identify the vendor of IoT routers through HTTP fingerprinting and attempt command-injection testing using vendor-specific payloads. The scanner analyzes HTTP headers and response bodies to detect device signatures from common manufacturers such as...

5.9AI score

Exploits0

RedhatCVE•added 2026/01/31 9:12 a.m.•6 views

CVE-2026-24714

Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box...

8.7CVSS7.2AI score0.00072EPSS

Exploits0References1

Japan Vulnerability Notes•added 2026/01/30 5:23 a.m.•3 views

Undocumented "TelnetEnable" functionality of End of Service NETGEAR products

Overview Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. Inclusion of Undocumented Features or Chicken Bits CWE-1242 - CVE-2026-24714 Misato Ito, Daichi Uezono, Ryu Kuki, Iwaki Miyamoto, Takayuki Sasaki,...

8.7CVSS5.9AI score0.00072EPSS

Exploits0References4