Filtered by vendor Netgear
Subscribe
Total
1294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51001 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | N/A |
| Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-51000 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | N/A |
| Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-50999 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | N/A |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2024-50998 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | N/A |
| Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-50995 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | N/A |
| Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-50994 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | N/A |
| Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-50993 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-04-22 | N/A | N/A |
| Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
| CVE-2025-29044 | 1 Netgear | 2 R6100, R6100 Firmware | 2025-04-21 | N/A | N/A |
| Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value | |||||
| CVE-2022-47210 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-04-17 | N/A | 7.8 HIGH |
| The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. | |||||
| CVE-2022-47209 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-04-17 | N/A | 8.8 HIGH |
| A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. | |||||
| CVE-2022-47208 | 1 Netgear | 12 Nighthawk Ax11000, Nighthawk Ax11000 Firmware, Nighthawk Ax1800 and 9 more | 2025-04-17 | N/A | 8.8 HIGH |
| The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. | |||||
| CVE-2022-46423 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2025-04-17 | N/A | 8.1 HIGH |
| An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier. | |||||
| CVE-2022-46422 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2025-04-17 | N/A | 4.8 MEDIUM |
| An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | |||||
| CVE-2024-54804 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | N/A |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection. | |||||
| CVE-2024-54805 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | N/A |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command execution. | |||||
| CVE-2024-54806 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | N/A |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface. | |||||
| CVE-2024-54807 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | N/A |
| In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution. | |||||
| CVE-2024-54808 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | N/A |
| Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution. | |||||
| CVE-2024-54809 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2025-04-17 | N/A | N/A |
| Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take control of the program counter and hijack control flow of the program to execute arbitrary system commands. | |||||
| CVE-2022-46424 | 1 Netgear | 2 Xwn5001, Xwn5001 Firmware | 2025-04-16 | N/A | 8.1 HIGH |
| An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier. | |||||