Filtered by vendor Netgear
Subscribe
Total
1078 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6334 | 1 Netgear | 5 Dgn2200 Series Firmware, Dgn2200v1, Dgn2200v2 and 2 more | 2019-10-02 | 9.0 HIGH | 8.8 HIGH |
| dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. | |||||
| CVE-2019-14526 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2019-08-27 | 5.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token. | |||||
| CVE-2019-14527 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2019-08-27 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication. | |||||
| CVE-2016-10864 | 1 Netgear | 2 Ex7000, Ex7000 Firmware | 2019-08-19 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. | |||||
| CVE-2013-2752 | 1 Netgear | 1 Raidiator | 2019-07-18 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. | |||||
| CVE-2013-2751 | 1 Netgear | 1 Raidiator | 2019-07-18 | 10.0 HIGH | N/A |
| Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." | |||||
| CVE-2018-18471 | 4 Axentra, Medion, Netgear and 1 more | 4 Hipserv, Lifecloud, Stora and 1 more | 2019-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device. | |||||
| CVE-2016-1555 | 1 Netgear | 14 Wn604, Wn604 Firmware, Wn802tv2 and 11 more | 2019-04-16 | 10.0 HIGH | 9.8 CRITICAL |
| (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | |||||
| CVE-2005-4220 | 1 Netgear | 1 Rp114 | 2018-10-19 | 7.8 HIGH | N/A |
| Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap. | |||||
| CVE-2006-1068 | 1 Netgear | 1 Netgear Router | 2018-10-18 | 4.9 MEDIUM | N/A |
| Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. | |||||
| CVE-2006-1002 | 1 Netgear | 1 Wgt624 | 2018-10-18 | 10.0 HIGH | N/A |
| NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers. | |||||
| CVE-2006-4765 | 1 Netgear | 1 Dg834gt | 2018-10-17 | 5.0 MEDIUM | N/A |
| NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window. | |||||
| CVE-2006-4143 | 1 Netgear | 1 Fvg318 | 2018-10-17 | 7.8 HIGH | N/A |
| Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums. | |||||
| CVE-2007-4361 | 1 Netgear | 1 Readynas Raidiator | 2018-10-15 | 10.0 HIGH | N/A |
| NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. | |||||
| CVE-2009-0052 | 2 Atheros, Netgear | 3 Ar9160-bc1a Chipset, Wndap330, Wndap330 Firmware | 2018-10-11 | 5.5 MEDIUM | N/A |
| The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame. | |||||
| CVE-2008-1197 | 2 Marvell, Netgear | 2 88w8361w-bem1, Wn802t | 2018-10-11 | 6.3 MEDIUM | N/A |
| The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID." | |||||
| CVE-2008-1144 | 2 Marvell, Netgear | 2 88w8361w-bem1, Wn802t | 2018-10-11 | 6.3 MEDIUM | N/A |
| The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length." | |||||
| CVE-2009-2258 | 1 Netgear | 2 Dg632, Dg632 Firmware | 2018-10-10 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. | |||||
| CVE-2009-2257 | 1 Netgear | 1 Dg632 | 2018-10-10 | 7.8 HIGH | N/A |
| The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. | |||||
| CVE-2009-2256 | 1 Netgear | 1 Dg632 | 2018-10-10 | 7.8 HIGH | N/A |
| The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. | |||||