R8500 Firmware Security Vulnerabilities and Issues — R8500 Firmware CVE List

Lucene search

NetgearR8500 Firmware

43 matches found

CVE•added 2021/11/15 4:15 p.m.•114 views

CVE-2021-34991

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by de...

8.8CVSS8.9AI score0.00565EPSS

CVE•added 2020/04/16 10:15 p.m.•80 views

CVE-2019-20753

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before 1.0.0.44, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1...

8.8CVSS8.9AI score0.00334EPSS

CVE•added 2021/08/11 12:17 a.m.•80 views

CVE-2021-38539

Certain NETGEAR devices are affected by privilege escalation. This affects D8500 before 1.0.3.44, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.2.126, R7000 before 1.0.9.42, R7000P before 1.3.2.126, R7100LG before 1.0.0.50, R7300DST ...

8.8CVSS8.6AI score0.00213EPSS

CVE•added 2020/04/16 8:15 p.m.•65 views

CVE-2019-20734

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.40, D8500 before 1.0.3.39, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.22, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150...

8.8CVSS9.1AI score0.0065EPSS

CVE•added 2020/04/24 2:15 p.m.•59 views

CVE-2017-18708

Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.

8.8CVSS8.6AI score0.00167EPSS

CVE•added 2020/04/16 8:15 p.m.•58 views

CVE-2019-20739

NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overflow by an unauthenticated attacker.

8.8CVSS8.9AI score0.00336EPSS

CVE•added 2021/03/29 9:15 p.m.•56 views

CVE-2021-27239

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UD...

8.8CVSS9AI score0.01925EPSS

CVE•added 2019/10/09 1:15 p.m.•53 views

CVE-2019-17372

Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, ...

8.1CVSS8.1AI score0.0051EPSS

CVE•added 2023/03/29 7:15 p.m.•53 views

CVE-2022-27645

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication...

8.8CVSS8.9AI score0.00165EPSS

CVE•added 2020/04/22 3:15 p.m.•47 views

CVE-2017-18778

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v...

8.4CVSS5.6AI score0.00055EPSS

CVE•added 2020/04/15 8:15 p.m.•47 views

CVE-2019-20680

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before ...

8CVSS8AI score0.00181EPSS

CVE•added 2020/04/16 8:15 p.m.•47 views

CVE-2019-20729

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNDR3000 before 1.0.0.22, R6250 before 1.0.4.26, R6300v2 before 1.0.4.22, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R6900P be...

8.1CVSS4.9AI score0.00141EPSS

CVE•added 2020/04/15 2:15 p.m.•47 views

CVE-2020-11770

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, R6220 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6400 before 1.0.1.46, R6400v2 before 1...

8.8CVSS8.8AI score0.01072EPSS

CVE•added 2020/11/09 10:15 p.m.•46 views

CVE-2020-28373

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300...

8.8CVSS9AI score0.0011EPSS

CVE•added 2023/03/29 7:15 p.m.•46 views

CVE-2022-27642

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect str...

8.8CVSS7.2AI score0.00037EPSS

CVE•added 2020/04/21 7:15 p.m.•45 views

CVE-2017-18794

Certain NETGEAR devices are affected by command injection. This affects R6300v2 before 1.0.4.8_10.0.77, R6400 before 1.0.1.24, R6700 before 1.0.1.26, R7000 before 1.0.9.10, R7100LG before 1.0.0.32, R7900 before 1.0.1.18, R8000 before 1.0.3.54, R8500 before 1.0.2.100, and D6100 before 1.0.0.50_0.0.5...

8.4CVSS8.6AI score0.00368EPSS

CVE•added 2020/04/20 4:15 p.m.•45 views

CVE-2017-18842

Certain NETGEAR devices are affected by CSRF. This affects R7300 before 1.0.0.54, R8500 before 1.0.2.94, DGN2200v1 before 1.0.0.55, and D2200D/D2200DW-1FRNAS before 1.0.0.32.

8.8CVSS8.7AI score0.00167EPSS

CVE•added 2024/11/05 3:15 p.m.•45 views

CVE-2024-50993

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

8CVSS8.3AI score0.00555EPSS

CVE•added 2024/11/05 3:15 p.m.•45 views

CVE-2024-52021

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

8CVSS8.3AI score0.00647EPSS

CVE•added 2020/04/27 3:15 p.m.•43 views

CVE-2018-21093

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.42, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150 before 1.0...

8.8CVSS8.9AI score0.00089EPSS

CVE•added 2020/04/27 6:15 p.m.•43 views

CVE-2018-21169

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7000 before 2018-03-01, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, PR2000 before 2018-03-01, R6050 before 1.0.1.14, R...

8.8CVSS8.6AI score0.00129EPSS

CVE•added 2020/04/22 5:15 p.m.•42 views

CVE-2017-18755

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.4.8, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000P before 1.0.0.86, R6900P before 1.0.0.56, R7300 before 1.0.0.54, R8300 before 1.0.2.106, R8500 before 1.0.2.106, DGN2200v4 before 1.0.0.86,...

8.8CVSS8.6AI score0.00167EPSS

CVE•added 2020/04/22 5:15 p.m.•41 views

CVE-2017-18752

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST b...

8.8CVSS6.4AI score0.0003EPSS

CVE•added 2023/03/29 7:15 p.m.•41 views

CVE-2022-27643

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAc...

8.8CVSS8.8AI score0.04651EPSS

CVE•added 2024/11/05 3:15 p.m.•41 views

CVE-2024-51009

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

8CVSS8.3AI score0.00555EPSS

CVE•added 2024/11/05 3:15 p.m.•41 views

CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

8CVSS8.3AI score0.00555EPSS

CVE•added 2023/03/29 7:15 p.m.•40 views

CVE-2022-27647

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists w...

8CVSS8AI score0.00064EPSS

CVE•added 2024/11/05 3:15 p.m.•40 views

CVE-2024-52020

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

8CVSS8.3AI score0.00647EPSS

CVE•added 2024/11/05 3:15 p.m.•40 views

CVE-2024-52022

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

8CVSS8.4AI score0.00555EPSS

CVE•added 2020/04/23 4:15 p.m.•39 views

CVE-2017-18744

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6250 before 1.0.4.12, R6300v2 before 1.0.4.12, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.

8.8CVSS8.9AI score0.0014EPSS

CVE•added 2020/04/20 2:15 p.m.•39 views

CVE-2017-18850

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1...

8.4CVSS8.4AI score0.00076EPSS

CVE•added 2020/05/05 2:15 p.m.•39 views

CVE-2017-18864

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7000P before 1.0.0.56, R6900P before 1.0.0.56, R7100LG before 1.0.0.32, R7300 b...

8.8CVSS9AI score0.0065EPSS

CVE•added 2024/11/05 3:15 p.m.•39 views

CVE-2024-51005

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

8CVSS8.3AI score0.00555EPSS

CVE•added 2024/11/05 3:15 p.m.•39 views

CVE-2024-51010

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

8CVSS8.4AI score0.00555EPSS

CVE•added 2020/04/23 4:15 p.m.•37 views

CVE-2017-18743

Certain NETGEAR devices are affected by authentication bypass. This affects R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before 1.0.1.20, R7000 before 1.0.7.10, R7100LG before V1.0.0.32, R7300DST before 1.0.0.52, R7900 before 1.0.1.16, R8000 before 1.0.3.36, R8300 bef...

8.8CVSS8.7AI score0.00161EPSS

CVE•added 2020/04/22 3:15 p.m.•37 views

CVE-2017-18772

Certain NETGEAR devices are affected by authentication bypass. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 be...

8.8CVSS8.7AI score0.00161EPSS

CVE•added 2020/04/22 3:15 p.m.•37 views

CVE-2017-18777

Certain NETGEAR devices are affected by administrative password disclosure. This affects D6220 before V1.0.0.28, D6400 before V1.0.0.60, D8500 before V1.0.3.29, DGN2200v4 before 1.0.0.82, DGN2200Bv4 before 1.0.0.82, R6300v2 before 1.0.4.8, R6400 before 1.0.1.20, R6700 before 1.0.1.20, R6900 before ...

8.4CVSS7.6AI score0.00053EPSS

CVE•added 2020/04/20 4:15 p.m.•37 views

CVE-2017-18849

Certain NETGEAR devices are affected by command injection. This affects D6220 before 1.0.0.26, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.12, R6400 before 1.01.24, R6400v2 before 1.0.2.30, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R6900P before 1.0.0.56, R7000 before 1.0.9...

8.4CVSS7.9AI score0.00253EPSS

CVE•added 2020/04/20 1:15 p.m.•36 views

CVE-2017-18852

Certain NETGEAR devices are affected by CSRF and authentication bypass. This affects R7300DST before 1.0.0.54, R8300 before 1.0.2.100_1.0.82, R8500 before 1.0.2.100_1.0.82, and WNDR3400v3 before 1.0.1.14.

8.8CVSS8.8AI score0.00035EPSS

CVE•added 2020/04/23 4:15 p.m.•35 views

CVE-2017-18742

Certain NETGEAR devices are affected by CSRF. This affects JR6150 before 1.0.1.10, R6050 before 1.0.1.10, R6250 before 1.0.4.12, R6300v2 before 1.0.4.8, R6700 before 1.0.1.16, R6900 before 1.0.1.16, R7300DST before 1.0.0.54, R7900 before 1.0.1.12, R8000 before 1.0.3.32, and R8500 before 1.0.2.74.

8.8CVSS8.6AI score0.00167EPSS

CVE•added 2020/04/23 5:15 p.m.•34 views

CVE-2017-18738

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects EX6150v2 before 1.0.1.54, R6400 before 1.0.1.24, R6400v2 before 1.0.2.32, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.10, R7000P before 1.2.0.22, R6900P before 1.2...

8.8CVSS8.9AI score0.00458EPSS

CVE•added 2020/04/20 4:15 p.m.•33 views

CVE-2017-18848

Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94.

8.8CVSS8.6AI score0.00167EPSS

CVE•added 2020/04/23 5:15 p.m.•32 views

CVE-2017-18733

Certain NETGEAR devices are affected by authentication bypass. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.8, R6400 before 1.0.1.22, R6400v2 before 1.0.2.32, R7100LG before 1.0.0.32, R7300DST before 1.0.0.52, R8300 before 1.0.2.94, and R8500 ...

8.8CVSS8.7AI score0.00161EPSS