Filtered by vendor Netgear
Subscriptions
Total
1248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48176 | 1 Netgear | 12 Mr60, Mr60 Firmware, Ms60 and 9 more | 2025-03-28 | 7.8 High |
| Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. | ||||
| CVE-2023-23110 | 1 Netgear | 18 D6100, D6100 Firmware, Dgn1000v3 and 15 more | 2025-03-26 | 7.4 High |
| An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier. | ||||
| CVE-2022-48322 | 1 Netgear | 12 Mr60, Mr60 Firmware, Ms60 and 9 more | 2025-03-21 | 9.8 Critical |
| NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. | ||||
| CVE-2024-35518 | 1 Netgear | 2 Ex6120, Ex6120 Firmware | 2025-03-19 | 8.4 High |
| Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. | ||||
| CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2025-03-18 | 7.5 High |
| An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | ||||
| CVE-2024-35519 | 1 Netgear | 6 Ex3700, Ex3700 Firmware, Ex6100 and 3 more | 2025-03-17 | 8.4 High |
| Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. | ||||
| CVE-2024-36787 | 1 Netgear | 1 Wnr614 Firmware | 2025-03-13 | 8.8 High |
| An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. | ||||
| CVE-2024-35522 | 1 Netgear | 3 Ex3700, Ex3700 Ac750, Ex3700 Firmware | 2025-03-13 | 8.4 High |
| Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. | ||||
| CVE-2024-35517 | 1 Netgear | 2 Xr1000, Xr1000 Firmware | 2025-03-13 | 8.4 High |
| Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. | ||||
| CVE-2023-48725 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-03-11 | 7.2 High |
| A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-27850 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-28 | 6.8 Medium |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | ||||
| CVE-2023-1205 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-28 | 8.8 High |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | ||||
| CVE-2023-27853 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | 9.8 Critical |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | ||||
| CVE-2023-27851 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | 8.8 High |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. | ||||
| CVE-2023-27852 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | 9.8 Critical |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. | ||||
| CVE-2023-1327 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | 9.8 Critical |
| Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password. | ||||
| CVE-2023-28337 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | 8.8 High |
| When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. | ||||
| CVE-2023-28338 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-02-27 | 7.5 High |
| Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted. | ||||
| CVE-2022-38452 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2025-02-26 | 7.2 High |
| A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2022-38458 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2025-02-26 | 6.5 Medium |
| A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. | ||||