PT-2024-8276 · NetGear · Netgear R8500

Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160 Description: The issue is related to a command injection vulnerability in the wan gateway parameter at the "wiz fix2.cgi" endpoint. This vulnerability allows attackers to execute arbitrary OS commands via a...

PT-2024-8275 · NetGear · Netgear R8500

Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160 Description: The issue is related to a command injection vulnerability in the wan gateway parameter at the "genie fix2.cgi" endpoint. This allows attackers to execute arbitrary OS commands via a crafted request...

NETGEAR XR300 安全漏洞

NETGEAR XR300 is a wireless router from NETGEAR. A security vulnerability exists in NETGEAR XR300 version v1.0.3.78, which stems from a buffer overflow vulnerability contained in the ssid parameter in the bridgewirelessmain.cgi component...

NETGEAR R7000P 安全漏洞

The NETGEAR R7000P is a wireless router from NETGEAR. A buffer overflow vulnerability exists in NETGEAR R7000P v1.3.3.154, which originates from the l2tpusernetmask parameter in the l2tp.cgi component that fails to correctly validate the length of the input data, and can be exploited by a remote...

NETGEAR R8500 安全漏洞

The NETGEAR R8500 is a wireless router from NETGEAR. A security vulnerability exists in the NETGEAR R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 versions, which stems from a vulnerability in the apmode.cgi component where the apmodedns1pri and apmode dns1sec...

CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at geniefix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

NETGEAR XR300、NETGEAR R7000P和NETGEAR R6400v2 安全漏洞

NETGEAR R6400v2 and others are products of NETGEAR USA.NETGEAR R6400v2 is a router.NETGEAR R7000P is a wireless router.NETGEAR XR300 is a wireless router. A security vulnerability exists in NETGEAR XR300 version v1.0.3.78, R7000P version v1.3.3.154, and R6400v2 version 1.0.4.128, which stems from...

CVE-2024-51021

Affected devices: NETGEAR XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 (v2 1.0.4.128). Vulnerability: Command injection via the wan_gateway parameter in the genie_fix2.cgi script. This allows an attacker to craft a request that executes arbitrary OS commands on the device. Impact and severity...

CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...

CVE-2024-45893

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMOption...

CVE-2024-45893

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMOption...

CVE-2024-45889

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to commandTable...

CVE-2024-45887

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to doOpenVPN...

CVE-2024-45891

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletewlanprofile...

CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

CVE-2024-45884

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setSWMGroup...

CVE-2024-45882

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to deletemapprofile...

CVE-2024-45890

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to downloadovpn...

CVE-2024-45885

DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to autodiscoveryclear...