Filtered by vendor Netgear
Subscribe
Total
1133 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44194 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec. | |||||
| CVE-2022-44193 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute. | |||||
| CVE-2022-44184 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec. | |||||
| CVE-2022-44200 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec. | |||||
| CVE-2022-44199 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip. | |||||
| CVE-2022-44198 | 1 Netgear | 2 R7000p, R7000p Firmware | 2022-11-23 | N/A | 9.8 CRITICAL |
| Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1. | |||||
| CVE-2021-34865 | 1 Netgear | 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more | 2022-10-27 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313. | |||||
| CVE-2020-28041 | 1 Netgear | 2 Nighthawk R7000, Nighthawk R7000 Firmware | 2022-10-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data. | |||||
| CVE-2022-37234 | 1 Netgear | 2 R7000, R7000 Firmware | 2022-09-27 | N/A | 7.8 HIGH |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. | |||||
| CVE-2022-37235 | 1 Netgear | 2 R7000, R7000 Firmware | 2022-09-24 | N/A | 9.8 CRITICAL |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat | |||||
| CVE-2022-31937 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2022-09-24 | N/A | 9.8 CRITICAL |
| Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to contain a stack overflow via strcpy in uhttpd. | |||||
| CVE-2022-37232 | 1 Netgear | 2 Wnr2000v4, Wnr2000v4 Firmware | 2022-09-24 | N/A | 9.8 CRITICAL |
| Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy. | |||||
| CVE-2021-34236 | 1 Netgear | 2 R8000, R8000 Firmware | 2022-09-12 | N/A | 9.8 CRITICAL |
| Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently long parameter 'register_country'. | |||||
| CVE-2020-10930 | 1 Netgear | 2 R6700, R6700 Firmware | 2022-07-25 | 3.3 LOW | 6.5 MEDIUM |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618. | |||||
| CVE-2021-45501 | 1 Netgear | 38 Ac2400, Ac2400 Firmware, Ac2600 and 35 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84. | |||||
| CVE-2021-35973 | 1 Netgear | 2 Wac104, Wac104 Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the ¤tsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory). | |||||
| CVE-2021-45655 | 1 Netgear | 2 R6400, R6400 Firmware | 2022-07-12 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection. | |||||
| CVE-2021-45659 | 1 Netgear | 20 Rbk20, Rbk20 Firmware, Rbk40 and 17 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. | |||||
| CVE-2021-20172 | 1 Netgear | 1 Genie Installer | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root. | |||||
| CVE-2021-29065 | 1 Netgear | 2 Rbr850, Rbr850 Firmware | 2022-07-12 | 8.3 HIGH | 9.6 CRITICAL |
| NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass. | |||||