Vulnerabilities (CVE)

Filtered by vendor Netgear Subscribe
Total 1285 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-1877 1 Netgear 1 Fm114p 2025-04-03 7.5 HIGH N/A
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname.
CVE-2003-1427 1 Netgear 1 Fm114p 2025-04-03 6.4 MEDIUM N/A
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
CVE-2004-2557 1 Netgear 1 Wg602 2025-04-03 5.0 MEDIUM N/A
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
CVE-2006-1002 1 Netgear 1 Wgt624 2025-04-03 10.0 HIGH N/A
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers.
CVE-2006-1003 1 Netgear 1 Wgt624 2025-04-03 5.0 MEDIUM N/A
The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.
CVE-2004-2032 1 Netgear 1 Rp114 2025-04-03 7.5 HIGH N/A
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.
CVE-2002-1892 1 Netgear 1 Fvs318 2025-04-03 2.1 LOW N/A
NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.
CVE-2004-2556 1 Netgear 1 Wg602 2025-04-03 5.0 MEDIUM N/A
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
CVE-2006-4143 1 Netgear 1 Fvg318 2025-04-03 7.8 HIGH N/A
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
CVE-2002-2355 1 Netgear 1 Fm114p 2025-04-03 7.1 HIGH N/A
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
CVE-2001-0888 3 Atmel, Linksys, Netgear 3 Firmware, Wap11, Me102 2025-04-03 5.0 MEDIUM N/A
Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.
CVE-2005-0291 1 Netgear 1 Fvs318 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.
CVE-2002-0127 1 Netgear 1 Rp114 2025-04-03 5.0 MEDIUM N/A
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port.
CVE-2006-4765 1 Netgear 1 Dg834gt 2025-04-03 5.0 MEDIUM N/A
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window.
CVE-2002-2020 1 Netgear 1 Rp114 2025-04-03 7.5 HIGH N/A
Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed.
CVE-2002-0238 1 Netgear 1 Rt314 2025-04-03 7.5 HIGH N/A
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.
CVE-2005-0290 1 Netgear 1 Fvs318 2025-04-03 7.5 HIGH N/A
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
CVE-2005-4220 1 Netgear 1 Rp114 2025-04-03 7.8 HIGH N/A
Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap.
CVE-2022-47052 1 Netgear 2 Ac1200 R6220, Ac1200 R6220 Firmware 2025-04-01 N/A 6.1 MEDIUM
The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.
CVE-2022-48176 1 Netgear 12 Mr60, Mr60 Firmware, Ms60 and 9 more 2025-03-28 N/A 7.8 HIGH
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.