Filtered by vendor Netgear
Subscribe
Total
1078 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1327 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-21 | N/A | 9.8 CRITICAL |
| Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password. | |||||
| CVE-2023-28338 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-21 | N/A | 7.5 HIGH |
| Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted. | |||||
| CVE-2023-28337 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-21 | N/A | 8.8 HIGH |
| When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. | |||||
| CVE-2023-27851 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-16 | N/A | 8.8 HIGH |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. | |||||
| CVE-2023-27852 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-16 | N/A | 9.8 CRITICAL |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2023-27853 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-16 | N/A | 9.8 CRITICAL |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | |||||
| CVE-2023-27850 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-15 | N/A | 6.8 MEDIUM |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | |||||
| CVE-2023-1205 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-15 | N/A | 8.8 HIGH |
| NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | |||||
| CVE-2023-0850 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2023-02-24 | N/A | 7.5 HIGH |
| A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability. | |||||
| CVE-2023-0849 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2023-02-24 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152. | |||||
| CVE-2023-0848 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2023-02-24 | N/A | 7.5 HIGH |
| A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147. | |||||
| CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2023-02-24 | N/A | 7.5 HIGH |
| An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | |||||
| CVE-2022-48322 | 1 Netgear | 12 Mr60, Mr60 Firmware, Ms60 and 9 more | 2023-02-22 | N/A | 9.8 CRITICAL |
| NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. | |||||
| CVE-2023-23110 | 1 Netgear | 18 D6100, D6100 Firmware, Dgn1000v3 and 15 more | 2023-02-09 | N/A | 7.4 HIGH |
| An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier. | |||||
| CVE-2022-48176 | 1 Netgear | 12 Mr60, Mr60 Firmware, Ms60 and 9 more | 2023-02-07 | N/A | 7.8 HIGH |
| Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. | |||||
| CVE-2022-47052 | 1 Netgear | 2 Ac1200 R6220, Ac1200 R6220 Firmware | 2023-02-06 | N/A | 6.1 MEDIUM |
| The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1. | |||||
| CVE-2022-48196 | 1 Netgear | 18 R6400v2, R6400v2 Firmware, R6700v3 and 15 more | 2023-01-10 | N/A | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. | |||||
| CVE-2022-46423 | 1 Netgear | 2 Wnr2000, Wnr2000 Firmware | 2022-12-29 | N/A | 8.1 HIGH |
| An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v1.2.3.7 and earlier. | |||||
| CVE-2022-46424 | 1 Netgear | 2 Xwn5001, Xwn5001 Firmware | 2022-12-29 | N/A | 8.1 HIGH |
| An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the CRC check, allowing attackers to execute arbitrary code or cause a Denial of Service (DoS). This affects v0.4.1.1 and earlier. | |||||
| CVE-2022-47210 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2022-12-29 | N/A | 7.8 HIGH |
| The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device. | |||||