Netgear : Security Vulnerabilities, CVEs, CVSS score >= 9
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication.
Max CVSS
9.8
EPSS Score
0.17%
Published
2023-12-15
Updated
2023-12-19
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
Max CVSS
9.8
EPSS Score
0.21%
Published
2023-11-29
Updated
2023-12-05
In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-12-08
Updated
2023-12-12
Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-08-07
Updated
2023-08-09
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
Max CVSS
9.8
EPSS Score
0.21%
Published
2023-09-01
Updated
2023-09-07
netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.
Max CVSS
9.8
EPSS Score
0.09%
Published
2023-06-20
Updated
2023-06-28
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.
Max CVSS
9.8
EPSS Score
0.11%
Published
2023-06-06
Updated
2023-06-12
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.
Max CVSS
9.8
EPSS Score
0.31%
Published
2023-04-26
Updated
2023-05-08
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.
Max CVSS
9.8
EPSS Score
0.25%
Published
2023-03-10
Updated
2023-03-16
NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.
Max CVSS
9.8
EPSS Score
0.28%
Published
2023-03-10
Updated
2023-03-16
Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.
Max CVSS
9.8
EPSS Score
0.17%
Published
2023-03-14
Updated
2023-03-21
A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.
Max CVSS
9.8
EPSS Score
0.29%
Published
2023-02-15
Updated
2024-04-11
NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.
Max CVSS
9.8
EPSS Score
0.19%
Published
2023-02-13
Updated
2023-02-23
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.
Max CVSS
9.8
EPSS Score
0.18%
Published
2022-12-30
Updated
2023-01-10
Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter openvpn_push1.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.
Max CVSS
9.8
EPSS Score
0.14%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameters: starthour, startminute , endhour, and endminute.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.
Max CVSS
9.8
EPSS Score
0.21%
Published
2022-11-22
Updated
2022-11-23