Filtered by vendor Netgear
Subscribe
Total
1285 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6511 | 1 Netgear | 2 Ex6150, Ex6150 Firmware | 2025-07-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-6510 | 1 Netgear | 2 Ex6100, Ex6100 Firmware | 2025-07-16 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-7407 | 1 Netgear | 2 D6400, D6400 Firmware | 2025-07-16 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-52080 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-07-16 | N/A | 6.5 MEDIUM |
| In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter. | |||||
| CVE-2025-52081 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-07-16 | N/A | 6.5 MEDIUM |
| In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter. | |||||
| CVE-2025-52082 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-07-16 | N/A | 6.5 MEDIUM |
| In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter. | |||||
| CVE-2024-57046 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2025-07-07 | N/A | 8.8 HIGH |
| A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication. | |||||
| CVE-2025-5495 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-07-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024. | |||||
| CVE-2025-4139 | 1 Netgear | 2 Ex6120, Ex6120 Firmware | 2025-06-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4135 | 1 Netgear | 2 Wg302v2, Wg302v2 Firmware | 2025-06-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-5934 | 1 Netgear | 2 Ex3700, Ex3700 Firmware | 2025-06-20 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-4977 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-4978 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2025-4980 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | |||||
| CVE-2022-41545 | 1 Netgear | 2 C7800, C7800 Firmware | 2025-06-06 | N/A | 6.4 MEDIUM |
| The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 (and possibly others) authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transport security by default, this renders the administrative credentials vulnerable to eavesdropping by an adversary during every authenticated request made by a client to the router over a WLAN, or a LAN, should the adversary be able to perform a man-in-the-middle attack. | |||||
| CVE-2024-5246 | 1 Netgear | 1 Prosafe Network Management Software 300 | 2025-05-29 | N/A | 8.8 HIGH |
| NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868. | |||||
| CVE-2024-36795 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 4.0 MEDIUM |
| Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors. | |||||
| CVE-2024-36787 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.8 HIGH |
| An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors. | |||||
| CVE-2024-36789 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.1 HIGH |
| An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards. | |||||
| CVE-2024-36790 | 1 Netgear | 2 Wnr614, Wnr614 Firmware | 2025-05-29 | N/A | 8.8 HIGH |
| Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext. | |||||