Filtered by vendor Netgear
Total: 1306 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-51635 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843. | ||||
CVE-2023-51634 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 7.5 High |
NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589. | ||||
CVE-2023-40480 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DHCP server. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19705. | ||||
CVE-2023-40479 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19704. | ||||
CVE-2023-40478 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 6.8 Medium |
NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009. | ||||
CVE-2023-34563 | 1 Netgear | 2 R6250, R6250 Firmware | 2024-12-09 | 9.8 Critical |
Netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. | ||||
CVE-2023-50089 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2024-11-26 | 9.8 Critical |
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. | ||||
CVE-2023-2389 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2024-11-22 | 2.4 Low |
A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-7153 | 1 Netgear | 1 Wn604 | 2024-11-21 | 5.3 Medium |
A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-6646 | 1 Netgear | 1 Wn604 | 2024-11-21 | 5.3 Medium |
A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-5505 | 1 Netgear | 1 Prosafe Network Management System | 2024-11-21 | 8.8 High |
NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22724. | ||||
CVE-2024-4235 | 1 Netgear | 1 Dg834gv5 | 2024-11-21 | 2.7 Low |
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-1431 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-11-21 | 4.3 Medium |
A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-1430 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-11-21 | 4.3 Medium |
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-49694 | 1 Netgear | 1 Prosafe Network Management System | 2024-11-21 | 7.8 High |
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. | ||||
CVE-2023-49693 | 1 Netgear | 1 Prosafe Network Management System | 2024-11-21 | 9.8 Critical |
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. | ||||
CVE-2023-49007 | 1 Netgear | 2 Rbr750, Rbr750 Firmware | 2024-11-21 | 9.8 Critical |
In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. | ||||
CVE-2023-39550 | 1 Netgear | 6 Jwnr2000v2, Jwnr2000v2 Firmware, Xavn2001v2 and 3 more | 2024-11-21 | 8.8 High |
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. | ||||
CVE-2023-38928 | 1 Netgear | 2 R7100lg, R7100lg Firmware | 2024-11-21 | 9.8 Critical |
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | ||||
CVE-2023-38926 | 1 Netgear | 3 Ex6200, Ex6200 Firmware, Ex6200v1 | 2024-11-21 | 8.8 High |
Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. |