154 matches found
CVE-2021-34991
NETGEAR R6400v2 UPnP daemon contains a pre-authentication, stack-based buffer overflow in handling the UUID header, enabling network-adjacent attackers to execute code as root via crafted requests to port 5000. Documented by ZDI-21-1303 and corroborated across multiple sources; exploitation requi...
CVE-2018-21230
CVE-2018-21230 affects a broad range of NETGEAR routers (e.g., D1500, D500, D6100, D6220, D6400, D7000, D7800, D8500, DGN2200 variants, EX-series, R-series, WN-series, etc.) due to incorrect configuration of security settings. Connected sources list the affected models and firmware ranges (variou...
CVE-2018-21227
CVE-2018-21227 affects multiple NETGEAR routers: D7800 <1.0.1.34, R6400v2 <1.0.2.34, R6700 <1.0.1.30, R6900 <1.0.1.30, R6900P <1.0.0.62, R7000 <1.0.9.12, R7000P <1.0.0.62, R7500v2 <1.0.3.26, R7800 <1.0.2.42, R9000 <1.0.3.10, WNDR4300v2 <1.0.0.50, and WNDR4500v3
CVE-2018-21231
CVE-2018-21231 concerns multiple NETGEAR devices affected by an incorrect configuration of security settings. Affected models and firmware ranges include D1500 (<1.0.0.27), D500 (<1.0.0.27), D6100 (<1.0.0.57), D6220 (<1.0.0.40), D6400 (<1.0.0.74), D7000 (<1.0.1.60), D7800 (<1...
CVE-2020-13245
CVE-2020-13245 affects NETGEAR routers, notably the R7000 (versions 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10) and possibly additional models (R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, R7000P). The root cause is Missing SSL Certificate Va...
CVE-2017-18704
CVE-2017-18704 describes an information-disclosure vulnerability in various NETGEAR devices where an attacker can read arbitrary files. Affected models and firmware ranges include D6220 (< 1.0.0.32), D6400 (< 1.0.0.60), D8500 (< 1.0.3.29), R6250 (< 1.0.4.16), R6300v2 (< 1.0.4.18), ...
CVE-2019-20756
CVE-2019-20756 affects various NETGEAR routers and extenders (e.g., EX7000, EX6200, EX6150, EX6130, EX6120, EX6100, EX6000, EX3700, EX3800, R8300, R7300DST, R7000P, R6900P, R6400, R6300v2, R8500, WNDR3400v3, WN2500RPv2 with specific older firmware). The vulnerability is described as a reflected C...
CVE-2019-20753
CVE-2019-20753 affects a wide range of NETGEAR routers by a stack-based buffer overflow under unauthenticated access. Affected devices include DGN2200v1 (pre-1.0.0.58), D8500 (pre-1.0.3.42), D7000v2 (pre-1.0.0.51), D6400 (pre-1.0.0.78), D6220 (pre-1.0.0.44), JNDR3000 (pre-1.0.0.24), R8000 (pre-1....
CVE-2021-38539
CVE-2021-38539 affects multiple NETGEAR routers (D8500, R6400v2, R6700, R6700v3, R6900, R6900P, R7000, R7000P, R7100LG, R7300DST, R7900, R8300, R8500) with privilege-escalation, varying affected firmware baselines (e.g., D8500 < 1.0.3.44; R6400v2 < 1.0.2.66; R6700 < 1.0.2.6; R6700v3 <...
CVE-2021-40847
CVE-2021-40847 affects Netgear routers through the Circle parental controls update mechanism. The Circle update daemon (circled), enabled by default, fetches unsigned updates over HTTP and, under a MitM, can be tricked into delivering a crafted compressed database that overwrites executables with...
CVE-2022-48196
CVE-2022-48196 affects multiple NETGEAR routers (RAX40, RAX35, R6400v2, R6700v3, R6900P, R7000P, R7000, R7960P, R8000P) with a pre-auth buffer overflow vulnerability. Affected versions are: RAX40/ RAX35 < 1.0.2.60; R6400v2 < 1.0.4.122; R6700v3 < 1.0.4.122; R6900P < 1.0.4.122; R7000P &...
CVE-2019-20754
CVE-2019-20754 affects several NETGEAR devices due to a buffer overflow caused by a vulnerability exploitable by an authenticated user. Affected models include DGN2200/DGN2200B (before 1.0.0.58), D8500 (before 1.0.3.42), D7000v2 (before 1.0.0.51), D6400 (before 1.0.0.80), D6220 (before 1.0.0.44),...
CVE-2017-18700
CVE-2017-18700 affects multiple NETGEAR devices (D6400, D7000, D8500, EX6200, EX7000, R6250, R6300v2, R6400, R6400v2, R6700, R6900, R6900P, R7000, R7000P, R7100LG, R7300DST, R7900, R8000, R8300, R8500, R9000, WNDR3400v3, WNR3500Lv2, WNDR3700v5) with stored XSS. The vulnerability is triggered by u...
CVE-2019-20732
CVE-2019-20732 affects multiple NETGEAR devices through a command-injection vulnerability that can be triggered by an authenticated user. The issue is described across sources as impacting D6220 (before 1.0.0.40), D7000v2 (before 1.0.0.74), D8500 (before 1.0.3.39), DGN2200v4 (before 1.0.0.102), D...
CVE-2021-38516
CVE-2021-38516 targets NETGEAR devices where there is a lack of function-level access control. Affected devices include D6220 (before 1.0.0.48), D6400 (before 1.0.0.82), D7000v2 (before 1.0.0.52), D7800 (before 1.0.1.44), D8500 (before 1.0.3.43), and numerous other models (list in public advisori...
CVE-2021-38534
CVE-2021-38534 affects a wide range of NETGEAR routers and gateways. Based on the provided records, the vulnerability is described as stored cross-site scripting (XSS) impacting multiple device lines and numerous firmware versions (for example, D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 ...
CVE-2019-20728
CVE-2019-20728 affects a range of NETGEAR routers and gateways. The vulnerability is a buffer overflow triggered by an authenticated user, impacting multiple models (e.g., D6400, D7000v2, D7800, D8500, DGN2200v4, DGND2200Bv4, DM200, JNDR3000, RBK/RBR/RBS/RBW series, R6250, R6300v2, R6400/R6400v2,...
CVE-2019-20755
The CVE-2019-20755 entry concerns NETGEAR devices affected by a stack-based buffer overflow, exploitable by an authenticated user. Affected models and minimum/maximum versions are listed: D6220 (<1.0.0.46), D6400 (<1.0.0.80), D7000v2 (<1.0.0.51), D8500 (<1.0.3.42), DGN2200v1 (<1.0....
CVE-2020-35795
CVE-2020-35795 affects a wide range of NETGEAR devices (e.g., AC2100/AC2400/AC2600, CBK40/CBR40, D7800, EAX series, EX7500, MK62, MR60, MS60, R6120/6220/6230/6260/6330/6350/6400/6400v2/6700/6700v2/v3/6800/6850/6900P/6900/v2/7000/7000P/7200/7350/7400/7450/7800/7850/7900/8900/9000 and R-series/RAX/...
CVE-2024-12988
Netgear R6900P/R7000P (1.3.3.154) are affected by CVE-2024-12988 in the HTTP Header Handler, sub_16C4C. The Host parameter is mishandled, causing a buffer overflow that can be exploited remotely; public exploit exists. These devices are no longer supported by the maintainer. Remediation/public pa...
CVE-2020-35796
CVE-2020-35796 affects a broad set of NETGEAR devices (list includes CBR40, D6220, D6400, D7000v2, D8500, DC112A, DGN2200v4, EAX20/80, EX3700–EX7500, R-Series, XR300, etc.) with a pre-auth buffer overflow vulnerability. Root cause: improper handling/bounds checking leads to overflow when processi...
CVE-2021-38514
CVE-2021-38514 corresponds to an authentication bypass affecting numerous NETGEAR devices (examples: D3600, D6000, D6100, D6200, D6220, D6400, D7000, D7000v2, D7800, D8500, various WN/R series, XR500, etc.) with many revision thresholds (most listed “before” specific version numbers). Root cause ...
CVE-2021-38525
CVE-2021-38525 affects a large set of NETGEAR routers (e.g., D3600, D6000, D6200, D7000, EX6xxx, XR500, R6xxx, R7xxx, etc.) with a stack-based buffer overflow vulnerability exploitable by an authenticated user. The issue occurs in multiple models and firmware revisions listed in the vulnerability...
CVE-2019-20762
CVE-2019-20762 describes a buffer overflow affecting a range of NETGEAR routers and gateways when accessed by an authenticated user. Affected models and minimum/maximum firmware ranges identified in the sources include D8500 (< 1.0.3.43), R8500 (< 1.0.2.128), R8300 (< 1.0.2.128), R8000 (...
CVE-2020-35787
CVE-2020-35787 is a buffer overflow in a range of NETGEAR devices that can be triggered by an authenticated user. Affected products and firmware ranges include: D3600 < 1.0.0.76, D6000 < 1.0.0.76, D6200 < 1.1.00.36, D7000 < 1.0.1.70, EX6200v2 < 1.0.1.78, EX7000 < 1.0.1.78, EX800...
CVE-2019-20734
CVE-2019-20734 and CVE-2017-18864 describe a buffer overflow in multiple NETGEAR routers that can be triggered unauthenticatedly. Affected models include R6400/R6400v2, R6700, R6900, R7000/R7000P, R7100LG, R7300, R7900, R8300, R8500, and others listed in the advisories, with specific version thre...
CVE-2020-35798
CVE-2020-35798 covers unauthenticated command injection affecting a wide range of NETGEAR devices. Affected models and firmware versions include R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R785...
CVE-2022-44199
Netgear R7000P firmware version 1.3.1.64 is affected by CVE-2022-44199 due to a buffer overflow in the openvpn_server_ip parameter. Root cause: insufficient length validation for the openvpn_server_ip input, enabling an overflow condition. Impact as stated: potential denial of service or remote c...
CVE-2019-20730
The CVE-2019-20730 entry documents an SQL injection vulnerability affecting a wide range of NETGEAR consumer/enterprise routers and gateways. Affected devices include models such as D3600 (before 1.0.0.68), D6000 (before 1.0.0.68), D6200 (before 1.1.00.28), D6220 (before 1.0.0.40), D6400 (before ...
CVE-2021-34982
The CVE-2021-34982 entry describes a pre-auth, remote code execution vulnerability in the httpd service of NETGEAR routers. The flaw is a stack-based buffer overflow caused by unchecked length of user-supplied data in the strings file, leading to code execution with root privileges when a network...
CVE-2020-35800
CVE-2020-35800 affects a wide range of NETGEAR devices (e.g., AC2100/AC2400/AC2600, CBK40/CBR40, D6000/D6220/D6400/D7000v2/D7800/D8500/DC112A, EX-series, R-series, etc.). The root issue is an incorrect security settings configuration across these models, leading to a security misconfiguration. Th...
CVE-2021-38528
CVE-2021-38528 affects NETGEAR gateways (D8500 < 1.0.3.58; R6900P < 1.3.2.132; R7000P < 1.3.2.132; R7100LG < 1.0.0.64; WNDR3400v3 < 1.0.1.38; XR300
CVE-2021-27239
The CVE-2021-27239 issue affects NETGEAR R6400 and R6700 routers with firmware 1.0.4.98. The flaw resides in the upnpd service, which listens on UDP port 1900; a crafted MX header in an SSDP message can overflow a fixed-length stack-based buffer, allowing network-adjacent attackers to execute arb...
CVE-2022-27644
The CVE-2022-27644 issue affects NETGEAR R6700v3 routers (version 1.0.4.120_10.0.91). The root cause is failure to properly validate the server certificate during HTTPS-based file downloads, allowing network-adjacent attackers to compromise the integrity of downloaded information. The vulnerabili...
CVE-2022-44187
Affected product: NETGEAR R7000P, firmware version 1.3.0.8. Vulnerability: buffer overflow in the wan_dns1_pri parameter of the router’s software. Root cause/impact: potential for remote code execution with high impact (CVE-2022-44187). Exploitation status: not clearly confirmed in the CVE entry;...
CVE-2022-48176
CVE-2022-48176 affects Netgear routers: R7000P (pre-v1.3.3.154), R6900P (pre-v1.3.3.154), R7960P (pre-v1.4.4.94), and R8000P (pre-v1.4.4.94). The issue is a pre-authentication stack overflow in the device stack. Impact is described as high for confidentiality, integrity, and availability per CVSS...
CVE-2021-38520
CVE-2021-38520 affects several NETGEAR routers (R6400 before 1.0.1.52; R6400v2 before 1.0.4.84; R6700v3 before 1.0.4.84; R6700v2 before 1.2.0.62; R6900v2 before 1.2.0.62; R7000P before 1.3.2.124). Root cause reported as the system not filtering certain input characters, enabling command injection...
CVE-2022-44194
Netgear R7000P firmware v1.3.0.8 is affected by a buffer overflow in the apmode_dns1_pri and apmode_dns1_sec parameters. The issue, described across multiple sources, arises from a bound check failure in embedded software and yields high-impact outcomes (C/H/I/A) per CVSS v3.1 (9.8, CRITICAL) wit...
CVE-2022-44191
Summary (CVE-2022-44191) : Netgear R7000P router, version 1.3.1.64, is reported vulnerable to a buffer overflow triggered by inputs to the KEY1 and KEY2 parameters. The vulnerability is described as arising from lack of length validation on these inputs, with potential for remote code execution o...
CVE-2022-44193
CVE-2022-44193 affects Netgear R7000P v1.3.1.64, with a buffer overflow in /usr/sbin/httpd triggered by the parameters starthour, startminute, endhour, and endminute. The connected documents identify the affected product and version, and describe the underlying issue as a buffer overflow in the h...
CVE-2019-17372
CVE-2019-17372 affects multiple NETGEAR consumer routers (e.g., AC1450, D8500, R4500, R6300/R6300v2, R7000/R7000P, WNR3500L, WNDR4500/v2, WNDR4000, WNDR4500v2, WNR1000/v3, etc.). The underlying issue is an authentication bypass that allows remote attackers to disable all authentication by visitin...
CVE-2018-21139
CVE-2018-21139 affects multiple NETGEAR consumer/SMB routers (e.g., D1500, D500, D6100, D6200, D6400, D7000 series, DGN2200, WNDR/ R-series, etc.) with firmware versions before the listed thresholds (e.g., D1500 before 1.0.0.27, D6100 before 1.0.0.58, etc.). Root cause is sensitive information di...
CVE-2021-45622
CVE-2021-45622 describes a pre-auth command-injection on a broad set of NETGEAR devices. The affected family includes CBR40, CBR750, EAX20, EAX80, EX7500, LAX20, MK62, MR60, MS60, R6400 (and variants), R6700v3, R6900P, R7000 family (and P), R7850, R7900/ P, R7960P, R8000/ P, RAX15/20/200, RAX35v2...
CVE-2017-18785
CVE-2017-18785 affects a broad set of NETGEAR devices (e.g., D3600, D6000, D6100, D6200, D7000, D7800, D8500, DGN2200 variants, EX-series, R-series, WN-series, etc.) with various firmware versions (examples: D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, R6400 before 1.0.1.3...
CVE-2021-45550
CVE-2021-45550 affects various NETGEAR devices (e.g., D3600, D6000, D6100, D6220, D6400, D7800, D8500, DGN2200v4, R6250, R6300v2, R6400, R6400v2, R6700, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, XR500, and others listed) with a pre-auth or authenticated command-injection risk. The vulner...
CVE-2022-44200
Summary: CVE-2022-44200 affects Netgear R7000P routers (versions 1.3.0.8 and 1.3.1.64). A buffer overflow can occur via the parameters stamode_dns1_pri and stamode_dns1_sec , potentially enabling remote code execution or denial of service as described in connected sources. Other references corrob...
CVE-2022-44184
CVE-2022-44184 affects Netgear R7000P firmware version 1.3.0.8 due to a buffer overflow in the HTTP daemon at /usr/sbin/httpd triggered by the wan_dns1_sec parameter. The issue is described as enabling potential denial of service and, in some documents, remote code execution. Public details speci...
CVE-2023-36187
The CVE-2023-36187 vulnerability affects NETGEAR R6400v2 firmware, with the httpd service vulnerable to a pre-1.0.4.118 buffer overflow. The issue allows remote, unauthenticated attackers to execute arbitrary code via a crafted URL to httpd, with a CRITICAL impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/...
CVE-2024-51015
Netgear R7000P (v1.3.3.154) is affected by CVE-2024-51015 through a command-injection in the operation_mode.cgi endpoint via the device_name2 parameter. The underlying issue, as documented across multiple sources, enables an attacker to execute arbitrary OS commands by sending a crafted request, ...
CVE-2021-34983
NETGEAR multiple routers are affected by a pre-authentication httpd limitation that allows network-adjacent attackers to disclose sensitive information and potentially stored credentials. Root cause: lack of authentication before access to system configuration via the httpd service (port 80). The...