CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Netgear : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-5680 119 Exec Code Overflow 2016-08-31 2016-08-31
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
2 CVE-2016-5679 78 Exec Code 2016-08-31 2016-08-31
9.0
Admin Remote Low Single system Complete Complete Complete
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
3 CVE-2016-5677 200 +Info 2016-08-31 2016-08-31
5.0
None Remote Low Not required Partial None None
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
4 CVE-2016-5676 285 2016-08-31 2016-08-31
5.0
None Remote Low Not required None Partial None
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
5 CVE-2016-5675 20 Exec Code 2016-08-31 2016-08-31
10.0
Admin Remote Low Not required Complete Complete Complete
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
6 CVE-2016-5674 20 Exec Code 2016-08-31 2016-08-31
10.0
Admin Remote Low Not required Complete Complete Complete
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
7 CVE-2016-1525 22 Dir. Trav. 2016-02-12 2016-03-10
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
8 CVE-2016-1524 Exec Code 2016-02-12 2016-03-21
8.3
None Local Network Low Not required Complete Complete Complete
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
9 CVE-2015-8289 255 2016-06-19 2016-06-21
4.3
None Remote Medium Not required Partial None None
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
10 CVE-2015-8288 2016-06-19 2016-06-21
4.3
None Remote Medium Not required Partial None None
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
11 CVE-2015-8263 2015-12-26 2015-12-28
5.0
None Remote Low Not required None Partial None
NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.
12 CVE-2014-4927 119 1 DoS Overflow 2014-07-24 2014-07-25
7.8
None Remote Low Not required None None Complete
Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request.
13 CVE-2014-4864 255 +Info 2014-09-10 2014-09-10
3.3
None Local Network Low Not required Partial None None
The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file.
14 CVE-2014-2969 255 Exec Code 2014-07-07 2014-07-07
8.3
None Local Network Low Not required Complete Complete Complete
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
15 CVE-2013-4776 DoS 2013-12-18 2013-12-19
7.8
None Remote Low Not required None None Complete
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
16 CVE-2013-4775 200 +Info 2013-12-18 2013-12-19
7.8
None Remote Low Not required Complete None None
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
17 CVE-2013-3069 79 XSS 2014-04-25 2014-04-25
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
18 CVE-2013-2752 352 CSRF 2013-12-12 2013-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
19 CVE-2013-2751 94 1 Exec Code 2013-12-12 2013-12-13
10.0
None Remote Low Not required Complete Complete Complete
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
20 CVE-2012-2439 264 2012-04-27 2012-09-21
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
21 CVE-2011-1674 287 Bypass 2011-04-09 2011-09-06
6.8
None Remote Medium Not required Partial Partial Partial
The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.
22 CVE-2011-1673 310 2011-04-09 2011-09-06
5.0
None Remote Low Not required Partial None None
BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file.
23 CVE-2009-2258 22 1 Dir. Trav. 2009-06-30 2009-09-22
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter.
24 CVE-2009-2257 287 1 Bypass 2009-06-30 2009-06-30
7.8
None Remote Low Not required Complete None None
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/.
25 CVE-2009-2256 20 1 DoS 2009-06-30 2009-06-30
7.8
None Remote Low Not required None None Complete
The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg.
26 CVE-2009-0680 22 1 DoS Dir. Trav. 2009-02-22 2009-02-23
7.8
None Remote Low Not required None None Complete
cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences.
27 CVE-2009-0052 DoS Exec Code 2009-11-12 2012-01-05
5.5
None Local Network Low Single system None None Complete
The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.
28 CVE-2008-6122 20 DoS 2009-02-11 2009-08-13
7.8
None Remote Low Not required None None Complete
The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?").
29 CVE-2008-1197 20 DoS Exec Code 2008-09-05 2009-08-19
6.3
None Remote Medium Single system None None Complete
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID."
30 CVE-2008-1144 20 DoS Exec Code 2008-09-05 2009-08-19
6.3
None Remote Medium Single system None None Complete
The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length."
31 CVE-2007-5562 79 XSS 2007-10-18 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page.
32 CVE-2007-4361 2007-08-15 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access.
33 CVE-2006-6125 119 Exec Code Overflow 2006-11-26 2011-10-17
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID.
34 CVE-2006-6059 Exec Code Overflow Mem. Corr. 2006-11-21 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with an long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow.
35 CVE-2006-5972 Exec Code Overflow 2006-11-17 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request.
36 CVE-2006-4765 DoS 2006-09-13 2008-09-05
5.0
None Remote Low Not required None None Partial
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window.
37 CVE-2006-4143 DoS 2006-08-14 2008-09-05
7.8
None Remote Low Not required None None Complete
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
38 CVE-2006-1068 DoS 2006-03-07 2008-09-05
4.9
None Local Low Not required None None Complete
Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.
39 CVE-2006-1003 +Priv +Info 2006-03-06 2008-09-05
5.0
None Remote Low Not required Partial None None
The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.
40 CVE-2006-1002 255 2006-03-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers.
41 CVE-2005-4220 119 DoS Overflow 2005-12-14 2008-09-05
7.8
None Remote Low Not required None None Complete
Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap.
42 CVE-2005-0328 2005-05-02 2008-09-05
5.0
None Remote Low Not required Partial None None
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.
43 CVE-2005-0291 XSS 2005-01-17 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase.
44 CVE-2005-0290 Bypass 2005-01-17 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
45 CVE-2004-2557 2004-12-31 2013-08-25
5.0
None Remote Low Not required None Partial None
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
46 CVE-2004-2556 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
47 CVE-2004-2032 Bypass 2004-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.
48 CVE-2004-0611 DoS 2004-12-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
49 CVE-2003-1427 22 Dir. Trav. 2003-12-31 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg coniguration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
50 CVE-2002-2355 255 +Info 2002-12-31 2008-09-05
7.1
None Remote Medium Not required Complete None None
Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information.
Total number of vulnerabilities : 59   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.