CVE-2025-12940

Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points. An user having access to the syslog server can read the logs containing these credentials. This issue affects...

NETGEAR WG302 Command Injection Vulnerability

NETGEAR WG302 is a wireless access point from NETGEAR. A security vulnerability exists in the NETGEAR WG302v2 version v5.2.9, WAG302v2 version v5.1.19, which stems from the firmwareRestore and firmwareServerip parameters in the upgradehandler function containing multiple command injection...

Cross-Site Request Forgery Vulnerability in Multiple NETGEAR Products (CNVD-2020-28139)

The NETGEAR WAC505 and others are a wireless access point AP from NETGEAR. A cross-site request forgery vulnerability exists in multiple NETGEAR products, which stems from a WEB application that does not adequately validate that a request is coming from a trusted user, and can be exploited by an...

NETGEAR WAC505 and WAC510 Input Validation Error Vulnerability (CNVD-2020-27204)

Both the NETGEAR WAC505 and NETGEAR WAC510 are a wireless access point AP from NETGEAR. An input validation error vulnerability exists in the NETGEAR WAC505 prior to version 8.0.6.4 and the WAC510 prior to version 8.0.6.4, which can be exploited by an attacker to cause a denial of service...

VulnCheck KEV: CVE-2016-1555

Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution...