EUVD-2023-32036

Malicious code in bioql PyPI...

The vulnerability of the PHP-FPM (FastCGI Process Manager) processor in the Nighthawk WiFi 6 Router software allows a hacker to bypass security restrictions, execute arbitrary code, and gain full control over the system.

The vulnerability of the PHP-FPM FastCGI Process Manager processor in Nighthawk WiFi 6 Router RAX30 involves unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to bypass security restrictions, execute arbitrary code, or gain full control over the system...

CVE-2023-28338

Any request send to a Netgear Nighthawk Wifi6 Router RAX30's web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting ...

CVE-2023-28337

When uploading a firmware image to a Netgear Nighthawk Wifi6 Router RAX30, a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the...

CVE-2023-27850

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device...

CVE-2023-27853

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device...

The vulnerability of Nighthawk WiFi 6 Router (RAX30)’s microprogramming software, related to authentication procedures that allow attackers to execute arbitrary codes,

The vulnerability of Nighthawk WiFi 6 Router RAX30’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with root privileges...

The vulnerability of the microprogramming software of the Nighthawk WiFi 6 Router (RAX30) allows a hacker to execute arbitrary code.

The vulnerability of the finddil function in the microprogramming software for Nighthawk WiFi 6 Routers RAX30 is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...

The vulnerability of the Nighthawk WiFi 6 Router (RAX30)’s microprogramming software processor allows a hacker to execute arbitrary code.

The vulnerability of the Nighthawk WiFi 6 Router RAX30 microprogramming system software processor is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the CGI microprogramming interface of the Nighthawk WiFi 6 Router (RAX30) allows a hacker to execute arbitrary code.

The vulnerability of the CGI microprogramming interface of the Nighthawk WiFi 6 Router RAX30 lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the file-sharing mechanism of Nighthawk WiFi 6 Router (RAX30) allows a hacker to increase their privileges.

The vulnerability of the file-sharing mechanism of the Nighthawk WiFi 6 Router RAX30 software lies in the deficiencies of its authentication process. Exploiting this vulnerability allows a malicious actor to gain increased privileges remotely...

The vulnerability of Nighthawk WiFi 6 Router’s microprogramming software, related to the manipulation of inter-site requests, allows a hacker to perform a CSRF attack.

The vulnerability of Nighthawk WiFi 6 Router RAX30’s microprogramming software is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...

The vulnerability of the SOAP service of the Nighthawk WiFi 6 Router (RAX30) software allows a hacker to execute arbitrary code.

The vulnerability of the SOAP service in the Nighthawk WiFi 6 Router RAX30 microprogramming system lies in the use of uncontrolled format strings. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the file-sharing mechanism of Nighthawk WiFi 6 Router (RAX30) allows a hacker to execute arbitrary code.

The vulnerability of the file-sharing mechanism of Nighthawk WiFi 6 Router RAX30 is related to incorrect permission handling. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVE-2023-28338

Any request send to a Netgear Nighthawk Wifi6 Router RAX30's web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting ...

NETGEAR Nighthawk WiFi6 Router Cross-Site Request Forgery Vulnerability

The NETGEAR Nighthawk WiFi6 Router is a series of routers from NETGEAR that support WiFi 6 technology and are aimed at users seeking a high-speed Internet experience. The NETGEAR Nighthawk WiFi6 Router suffers from a cross-site request forgery vulnerability that stems from the device not properly...

CVE-2023-27852

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device...

CVE-2023-27851

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device...

CVE-2023-27850

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device...

NETGEAR Nighthawk 安全漏洞

The NETGEAR Nighthawk WiFi6 Router is a series of wireless routers from NETGEAR. The NETGEAR Nighthawk WiFi6 Router suffers from a code execution vulnerability that stems from the device containing format strings in the SOAP service, which can be exploited by an attacker to execute arbitrary code...