Filtered by vendor Netgear
Subscribe
Total
1127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44184 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. | |||||
| CVE-2022-46422 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2023-12-10 | N/A | 4.8 MEDIUM |
| An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | |||||
| CVE-2022-44200 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. | |||||
| CVE-2023-27853 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2023-28337 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. | |||||
| CVE-2022-44190 | 1 Netgear | 2 R7000p, R7000p Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering. | |||||
| CVE-2022-47209 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means. | |||||
| CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | |||||
| CVE-2023-27850 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-12-10 | N/A | 6.8 MEDIUM |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | |||||
| CVE-2022-4390 | 1 Netgear | 2 Ax2400, Ax2400 Firmware | 2023-12-10 | N/A | 10.0 CRITICAL |
| A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network. | |||||
| CVE-2022-38956 | 1 Netgear | 2 Wpn824ext, Wpn824ext Firmware | 2023-12-10 | N/A | 5.3 MEDIUM |
| An exploitable firmware downgrade vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to replace the user-uploaded firmware image with an original old firmware image. This affects Firmware 1.1.1_1.1.9 and earlier. | |||||
| CVE-2022-37234 | 1 Netgear | 2 R7000, R7000 Firmware | 2023-12-10 | N/A | 7.8 HIGH |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. | |||||
| CVE-2022-37235 | 1 Netgear | 2 R7000, R7000 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat | |||||
| CVE-2022-37232 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy. | |||||
| CVE-2022-31937 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd. | |||||
| CVE-2022-42221 | 1 Netgear | 2 R6220, R6220 Firmware | 2023-12-10 | N/A | 8.8 HIGH |
| Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. | |||||
| CVE-2022-38955 | 1 Netgear | 2 Wpn824ext, Wpn824ext Firmware | 2023-12-10 | N/A | 7.5 HIGH |
| An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. An attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the CRC check. A successful attack can either introduce a backdoor to the device or make the device DoS. This affects Firmware Version: 1.1.1_1.1.9. | |||||
| CVE-2021-34236 | 1 Netgear | 2 R8000, R8000 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
| Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently long parameter 'register_country'. | |||||
| CVE-2021-44261 | 1 Netgear | 10 R6220, R6220 Firmware, R6900 and 7 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. | |||||
| CVE-2022-27947 | 1 Netgear | 2 R8500, R8500 Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter. | |||||