Vulnerabilities (CVE)

Filtered by vendor Netgear
Total 1078 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-6341 1 Netgear 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more 2020-02-12 4.0 MEDIUM 6.5 MEDIUM
An Information Disclosure vulnerability exists in the my config file in NETGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340.
CVE-2012-6340 1 Netgear 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more 2020-02-11 2.1 LOW 4.6 MEDIUM
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.
CVE-2013-3316 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2020-02-01 10.0 HIGH 9.8 CRITICAL
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".
CVE-2013-3317 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2020-02-01 10.0 HIGH 9.8 CRITICAL
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.
CVE-2013-3071 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2020-01-30 7.5 HIGH 9.8 CRITICAL
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.
CVE-2013-3074 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2020-01-30 7.8 HIGH 7.5 HIGH
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).
CVE-2019-19494 4 Compal, Netgear, Sagemcom and 1 more 14 7284e, 7284e Firmware, 7486e and 11 more 2020-01-28 9.3 HIGH 8.8 HIGH
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
CVE-2013-4657 1 Netgear 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more 2019-11-25 10.0 HIGH 9.8 CRITICAL
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.
CVE-2013-3073 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2019-11-20 10.0 HIGH 9.8 CRITICAL
A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.
CVE-2013-3072 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2019-11-20 7.5 HIGH 9.8 CRITICAL
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
CVE-2013-3516 1 Netgear 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more 2019-11-18 4.3 MEDIUM 6.5 MEDIUM
NETGEAR WNR3500U and WNR3500L routers use form tokens based solely on the router's current date and time, which allows attackers to guess the CSRF tokens.
CVE-2013-3070 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2019-11-18 5.0 MEDIUM 7.5 HIGH
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.
CVE-2013-3517 1 Netgear 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more 2019-11-15 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L.
CVE-2019-17372 1 Netgear 66 Ac1450, Ac1450 Firmware, D8500 and 63 more 2019-10-18 4.3 MEDIUM 8.1 HIGH
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.
CVE-2019-12591 1 Netgear 1 Insight 2019-10-09 6.5 MEDIUM 7.6 HIGH
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.
CVE-2017-18378 1 Netgear 2 Readynas Surveillance, Readynas Surveillance Firmware 2019-10-09 7.5 HIGH 9.8 CRITICAL
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
CVE-2016-5638 1 Netgear 2 Wndr4500, Wndr4500 Firmware 2019-10-09 5.0 MEDIUM 7.5 HIGH
There are a few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. The genie app adds some capabilities over the Web GUI and can be accessed even when you are away from home. A remote attacker can access the genie_ping.htm, genie_ping2.htm or genie_ping3.htm page without authentication. Once accessed, the page is redirected to the "Congratulations2.htm" page, which reveals sensitive information such as the 2.4GHz and 5GHz wireless network name (SSID) and network key (password) in clear text.
CVE-2016-5649 1 Netgear 4 Dgn2200, Dgn2200 Firmware, Dgnd3700 and 1 more 2019-10-09 5.0 MEDIUM 9.8 CRITICAL
A vulnerability in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, allows a remote attacker to access this page without any authentication. When processed, the page exposes the admin password in clear text before it gets redirected to 'bsw_vfysucc.cgi'. An attacker can use this password to gain administrator access to the targeted router's web interface.
CVE-2019-17049 1 Netgear 2 Srx5308, Srx5308 Firmware 2019-10-04 5.0 MEDIUM 7.5 HIGH
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.
CVE-2017-2137 1 Netgear 1 Prosafe Plus Configuration Utility 2019-10-02 4.3 MEDIUM 3.7 LOW
ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.