Filtered by vendor Netgear
Subscribe
Total
1197 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-40478 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 6.8 MEDIUM |
| NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009. | |||||
| CVE-2023-34563 | 1 Netgear | 2 R6250, R6250 Firmware | 2024-12-09 | N/A | 9.8 CRITICAL |
| netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. | |||||
| CVE-2024-5505 | 1 Netgear | 1 Prosafe Network Management System | 2024-11-21 | N/A | 8.8 HIGH |
| NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22724. | |||||
| CVE-2024-36788 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2024-11-21 | N/A | 4.8 MEDIUM |
| Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices. | |||||
| CVE-2024-1431 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1430 | 1 Netgear | 2 R7000, R7000 Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-50089 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. | |||||
| CVE-2023-49694 | 1 Netgear | 1 Prosafe Network Management System | 2024-11-21 | N/A | 7.8 HIGH |
| A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM. | |||||
| CVE-2023-49693 | 1 Netgear | 1 Prosafe Network Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code. | |||||
| CVE-2023-49007 | 1 Netgear | 2 Rbr750, Rbr750 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. | |||||
| CVE-2023-39550 | 1 Netgear | 6 Jwnr2000v2, Jwnr2000v2 Firmware, Xavn2001v2 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. | |||||
| CVE-2023-38928 | 1 Netgear | 2 R7100lg, R7100lg Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | |||||
| CVE-2023-38926 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. | |||||
| CVE-2023-38925 | 1 Netgear | 6 Dc112a, Dc112a Firmware, Ex6200 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. | |||||
| CVE-2023-38924 | 1 Netgear | 2 Dgn3500, Dgn3500 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. | |||||
| CVE-2023-38922 | 1 Netgear | 6 Jwnr2000v2, Jwnr2000v2 Firmware, Xavn2001v2 and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function. | |||||
| CVE-2023-38921 | 1 Netgear | 4 Wag302v2, Wag302v2 Firmware, Wg302v2 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. | |||||
| CVE-2023-38591 | 1 Netgear | 2 Dg834gv5, Dg834gv5 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. | |||||
| CVE-2023-38412 | 1 Netgear | 2 R6900p, R6900p Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. | |||||
| CVE-2023-36499 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. | |||||