EUVD-2026-26386

A Cross-Site Request Forgery CSRF vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF tokens or strict Origin/Referer validation for administrative API endpoints. An attacker can craft ...

Exploit for CVE-2020-24586

Fracture FragAttacks WiFi Penetration Framework CVE-202...

EUVD-2026-5154

Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...

CVE-2026-0405

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin...

CVE-2026-0405

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin...

CVE-2026-0405 Authentication Bypass in NETGEAR Orbi Devices

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin...

CVE-2026-0405

CVE-2026-0405 affects NETGEAR Orbi devices: an authentication bypass allows users on the local network to access the router web interface with admin privileges. Exploitation requires local network access (attack vector: adjacent, low complexity, no user interaction). Impact per metrics is HIGH fo...

CVE-2026-0405 Authentication Bypass in NETGEAR Orbi Devices

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin...

Design/Logic Flaw

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity who has access to the router admin panel to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.htmladvancedlocation aka the Device Location page...

CVE-2024-28089

Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity who has access to the router admin panel to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.htmladvancedlocation aka the Device Location page...

NetGear D1500 1.0.0.21_1.0.1PE Cross Site Scripting

Exploit Title: NetGear D1500 V1.0.0.211.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting XSS Date: 21 Dec 2018 Exploit Author: Securityium Vendor Homepage: https://www.netgear.com/ Version: V1.0.0.211.0.1PE Tested on: NetGear D1500 Home Router Contact: [email protected] Version :...

Netgear WiFi Router R6120 - Credential Disclosure

Exploit Title: NETGEAR WiFi Router R6120 - Credential Disclosure Date: 2018-10-28 Exploit Author: Wadeek Hardware Version: R6120 Firmware Version: 1.0.0.30 Vendor Homepage: https://www.netgear.com/support/product/R6120.aspx Firmware Link:...

Allegro Software Development RomPager Security Bypass Vulnerability

Allegro Software Development RomPager is an embedded Web server toolkit that allows users to manage and control World Wide Web WWW services for network devices such as network printers, switches, and routers using a common Web browser. A security vulnerability in Allegro Software Development...

NETGEAR WNR1000v3 Password Recovery Vulnerability

Description: Newer firmware versions of the NETGEAR N150 WNR1000v3 wireless router are affected by a password recovery vulnerability. Exploiting this vulnerability allows an attacker to recover the router's plaintext Administrator credentials and subsequently gain full access to the device. This...