A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-02-11
Updated
2024-03-21
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Max CVSS
6.5
EPSS Score
0.05%
Published
2024-02-11
Updated
2024-03-21
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
Max CVSS
9.8
EPSS Score
0.17%
Published
2023-12-15
Updated
2023-12-19
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-11-29
Updated
2023-12-05
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.21%
Published
2023-11-29
Updated
2023-12-05
In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-08
Updated
2023-12-12
A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Max CVSS
7.2
EPSS Score
0.05%
Published
2024-03-07
Updated
2024-03-08
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-08-07
Updated
2023-08-09
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-08-07
Updated
2023-08-09
Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-08-07
Updated
2023-08-09
Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-08-07
Updated
2023-08-09
Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.
Max CVSS
6.5
EPSS Score
0.04%
Published
2023-08-07
Updated
2023-08-09
Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-08-07
Updated
2023-08-09
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-08-07
Updated
2023-08-09
Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-08-07
Updated
2023-08-09
Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-08-07
Updated
2023-08-09
Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-08-07
Updated
2023-08-09
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
Max CVSS
9.8
EPSS Score
0.21%
Published
2023-09-01
Updated
2023-09-07
netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-06-20
Updated
2023-06-28
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.
Max CVSS
8.8
EPSS Score
0.05%
Published
2023-06-06
Updated
2023-06-14
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-06-06
Updated
2023-06-12
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.
Max CVSS
9.8
EPSS Score
0.31%
Published
2023-04-26
Updated
2023-05-08
Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-03-15
Updated
2023-03-21
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.
Max CVSS
8.8
EPSS Score
0.09%
Published
2023-03-15
Updated
2023-03-21
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.
Max CVSS
9.8
EPSS Score
0.25%
Published
2023-03-10
Updated
2023-03-16
1129 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!