Filtered by vendor Netgear
Subscribe
Total
1297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-44658 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-08-07 | N/A | 9.8 CRITICAL |
| In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise. | |||||
| CVE-2023-44445 | 1 Netgear | 2 Cax30, Cax30 Firmware | 2025-08-07 | N/A | 8.8 HIGH |
| NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sso binary. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19058. | |||||
| CVE-2023-35721 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-08-07 | N/A | 8.8 HIGH |
| NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981. | |||||
| CVE-2023-50677 | 1 Netgear | 2 Dgnd4000, Dgnd4000 Firmware | 2025-07-28 | N/A | 8.8 HIGH |
| An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. | |||||
| CVE-2025-6511 | 1 Netgear | 2 Ex6150, Ex6150 Firmware | 2025-07-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-6510 | 1 Netgear | 2 Ex6100, Ex6100 Firmware | 2025-07-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-7407 | 1 Netgear | 2 D6400, D6400 Firmware | 2025-07-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-57046 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2025-07-07 | N/A | 8.8 HIGH |
| A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication. | |||||
| CVE-2025-4139 | 1 Netgear | 2 Ex6120, Ex6120 Firmware | 2025-06-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4135 | 1 Netgear | 2 Wg302v2, Wg302v2 Firmware | 2025-06-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5934 | 1 Netgear | 2 Ex3700, Ex3700 Firmware | 2025-06-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-4977 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-4978 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-4980 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2022-41545 | 1 Netgear | 2 C7800, C7800 Firmware | 2025-06-06 | N/A | 6.4 MEDIUM |
| The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack. | |||||
| CVE-2024-5246 | 1 Netgear | 1 Prosafe Network Management Software 300 | 2025-05-29 | N/A | 8.8 HIGH |
| NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868. | |||||
| CVE-2024-36795 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 4.0 MEDIUM |
| Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. | |||||
| CVE-2024-36787 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.8 HIGH |
| An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. | |||||
| CVE-2024-36789 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.1 HIGH |
| An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. | |||||
| CVE-2024-36790 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.8 HIGH |
| Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. | |||||