Netgear Security Vulnerabilities
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, R6220 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6400 before 1.0.1.46, R6400v2 before.....
8.8CVSS
8.8AI Score
0.002EPSS
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before...
4.8CVSS
5AI Score
0.001EPSS
Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30,.....
4.8CVSS
5.1AI Score
0.001EPSS
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before...
4.8CVSS
5AI Score
0.001EPSS
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30,.....
4.8CVSS
5AI Score
0.001EPSS
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before...
7.2CVSS
7.1AI Score
0.001EPSS
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to...
7.2CVSS
7.2AI Score
0.054EPSS
On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing...
2.7CVSS
4.3AI Score
0.001EPSS
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext...
9.8CVSS
9.4AI Score
0.008EPSS
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this...
7.5CVSS
7.5AI Score
0.004EPSS
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration...
8.8CVSS
8.6AI Score
0.001EPSS
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost...
9.8CVSS
9.7AI Score
0.003EPSS
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init...
9.8CVSS
9.4AI Score
0.004EPSS
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account...
8.8CVSS
8.7AI Score
0.001EPSS
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI...
6.1CVSS
6.2AI Score
0.001EPSS
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled,....
9.8CVSS
10AI Score
0.009EPSS
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may....
9.1CVSS
9.5AI Score
0.004EPSS
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at...
6.1CVSS
6AI Score
0.001EPSS
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious...
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive...
9.3CVSS
9AI Score
0.002EPSS
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings.....
9.4CVSS
9.3AI Score
0.007EPSS
An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than...
6.5CVSS
4.8AI Score
0.001EPSS
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to...
4.6CVSS
5.4AI Score
0.036EPSS
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a...
9.8CVSS
9.4AI Score
0.013EPSS
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak...
9.8CVSS
9.4AI Score
0.013EPSS
9.8CVSS
9.6AI Score
0.005EPSS
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device...
7.5CVSS
7.5AI Score
0.002EPSS
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom...
8.8CVSS
8.8AI Score
0.152EPSS
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http:///apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration...
9.8CVSS
9.2AI Score
0.006EPSS
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless...
7.5CVSS
7.3AI Score
0.006EPSS
9.8CVSS
9.3AI Score
0.034EPSS
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF...
6.5CVSS
6.5AI Score
0.002EPSS
5.4CVSS
5.4AI Score
0.001EPSS
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB...
9.8CVSS
9.2AI Score
0.003EPSS
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL...
6.5CVSS
6.6AI Score
0.008EPSS
6.1CVSS
6.4AI Score
0.038EPSS
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special...
9.8CVSS
9.4AI Score
0.072EPSS
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and...
9.8CVSS
9.4AI Score
0.002EPSS
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D,....
8.1CVSS
8.1AI Score
0.01EPSS
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user...
7.5CVSS
7.7AI Score
0.001EPSS
An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the service can cause a null pointer dereference, resulting in the hostapd.....
7.5CVSS
7.5AI Score
0.002EPSS
An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference,...
7.5CVSS
7.6AI Score
0.004EPSS
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This...
8.1CVSS
8AI Score
0.001EPSS
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after...
9.8CVSS
9.5AI Score
0.012EPSS
5.2CVSS
5.1AI Score
0.001EPSS
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP...
9.8CVSS
9.6AI Score
0.006EPSS
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory...
9.1CVSS
8.6AI Score
0.006EPSS
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a...
5.3CVSS
5.9AI Score
0.001EPSS
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command...
9.8CVSS
9.5AI Score
0.03EPSS
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command...
7.6CVSS
7.4AI Score
0.001EPSS