Filtered by vendor Netgear
Subscribe
Total
1127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-47208 | 1 Netgear | 12 Nighthawk Ax11000, Nighthawk Ax11000 Firmware, Nighthawk Ax1800 and 9 more | 2023-12-10 | N/A | 8.8 HIGH |
| The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. | |||||
| CVE-2023-1327 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password. | |||||
| CVE-2022-44193 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute. | |||||
| CVE-2022-44187 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri. | |||||
| CVE-2023-28338 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted. | |||||
| CVE-2023-23110 | 1 Netgear | 18 D6100, D6100 Firmware, Dgn1000v3 and 15 more | 2023-12-10 | N/A | 7.4 HIGH |
| An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier. | |||||
| CVE-2022-44198 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. | |||||
| CVE-2022-44191 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2. | |||||
| CVE-2022-47210 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 7.8 HIGH |
| The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. | |||||
| CVE-2023-1205 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | |||||
| CVE-2023-27851 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. | |||||
| CVE-2022-44199 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. | |||||
| CVE-2022-47052 | 1 Netgear | 2 Ac1200 R6220, Ac1200 R6220 Firmware | 2023-12-10 | N/A | 6.1 MEDIUM |
| The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1. | |||||
| CVE-2022-48322 | 1 Netgear | 12 Mr60, Mr60 Firmware, Ms60 and 9 more | 2023-12-10 | N/A | 9.8 CRITICAL |
| NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. | |||||
| CVE-2022-44196 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1. | |||||
| CVE-2022-44197 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. | |||||
| CVE-2023-27852 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2022-46424 | 1 Netgear | 2 Xwn5001, Xwn5001 Firmware | 2023-12-10 | N/A | 8.1 HIGH |
| An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier. | |||||
| CVE-2022-44188 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering. | |||||
| CVE-2022-48176 | 1 Netgear | 12 Mr60, Mr60 Firmware, Ms60 and 9 more | 2023-12-10 | N/A | 7.8 HIGH |
| Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. | |||||