| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-27276 | 22 | | Dir. Trav. Bypass | 2021-03-29 | 2021-03-30 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12122. |
| 2 | CVE-2021-27275 | 22 | | Dir. Trav. Bypass | 2021-03-29 | 2021-03-30 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-12125. |
| 3 | CVE-2021-27274 | 434 | | Exec Code | 2021-03-29 | 2021-03-30 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124. |
| 4 | CVE-2021-27273 | 78 | | Exec Code Bypass | 2021-03-29 | 2021-03-30 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. When parsing the fileName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12121. |
| 5 | CVE-2021-27272 | 22 | | Dir. Trav. Bypass | 2021-03-29 | 2021-03-30 | 7.5 | None | Remote | Low | ??? | None | Partial | Complete | This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12123. |
| 6 | CVE-2021-20172 | 732 | | | 2021-12-30 | 2022-07-12 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vulnerability. The installer of the macOS version of Netgear Genie handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which the software is going to be installed may overwrite certain files to obtain privilege escalation to root. |
| 7 | CVE-2020-12695 | 276 | | | 2020-06-08 | 2021-04-23 | 7.8 | None | Remote | Medium | Not required | Partial | None | Complete | The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. |
| 8 | CVE-2019-12591 | 77 | | | 2019-06-03 | 2019-10-09 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. |
| 9 | CVE-2018-21160 | 352 | | CSRF | 2020-04-23 | 2020-04-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. |
| 10 | CVE-2018-21159 | | | | 2020-04-27 | 2020-05-04 | 4.0 | None | Remote | Low | ??? | None | Partial | None | NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect configuration of security settings. |
| 11 | CVE-2018-21102 | 352 | | CSRF | 2020-04-23 | 2020-05-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF. |
| 12 | CVE-2017-18861 | 352 | | CSRF | 2020-04-28 | 2020-05-05 | 7.9 | None | Local Network | Medium | Not required | Complete | Complete | Complete | Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier. |
| 13 | CVE-2017-18857 | 521 | | Bypass | 2020-04-28 | 2020-05-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement. |
| 14 | CVE-2017-18856 | 74 | | | 2020-04-29 | 2020-05-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection. |
| 15 | CVE-2017-18854 | 74 | | | 2020-04-29 | 2020-05-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection. |
| 16 | CVE-2017-18820 | 79 | | XSS | 2020-04-21 | 2020-04-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 17 | CVE-2017-18819 | | | | 2020-04-21 | 2020-04-29 | 2.1 | None | Local | Low | Not required | Partial | None | None | NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings. |
| 18 | CVE-2017-18816 | 79 | | XSS | 2020-04-21 | 2020-04-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 19 | CVE-2017-18815 | 79 | | XSS | 2020-04-21 | 2020-04-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 20 | CVE-2017-18814 | 79 | | XSS | 2020-04-21 | 2020-04-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 21 | CVE-2017-18813 | 79 | | XSS | 2020-04-21 | 2020-04-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 22 | CVE-2017-18812 | 79 | | XSS | 2020-04-21 | 2020-04-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 23 | CVE-2017-18811 | 79 | | XSS | 2020-04-21 | 2020-04-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 24 | CVE-2017-18810 | 79 | | XSS | 2020-04-21 | 2020-04-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 25 | CVE-2017-18809 | 79 | | XSS | 2020-04-21 | 2020-04-28 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 26 | CVE-2017-18808 | | | | 2020-04-21 | 2020-04-23 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by incorrect configuration of security settings. |
| 27 | CVE-2017-18807 | 79 | | XSS | 2020-04-21 | 2020-04-24 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS. |
| 28 | CVE-2017-2137 | | | Bypass | 2017-04-28 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. |
| 29 | CVE-2016-11058 | 613 | | | 2020-04-28 | 2020-05-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs. |
| 30 | CVE-2016-11056 | | | | 2020-04-28 | 2020-05-05 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Certain NETGEAR devices are affected by anonymous root access. This affects ReadyNAS Surveillance 1.1.1-3-armel and earlier and ReadyNAS Surveillance 1.4.1-3-amd64 and earlier. |
| 31 | CVE-2016-5680 | 119 | | Exec Code Overflow | 2016-08-31 | 2017-09-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command. |
| 32 | CVE-2016-5679 | 78 | | Exec Code | 2016-08-31 | 2017-09-03 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command. |
| 33 | CVE-2016-5677 | 200 | | +Info | 2016-08-31 | 2017-09-03 | 5.0 | None | Remote | Low | Not required | Partial | None | None | NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. |
| 34 | CVE-2016-5676 | 285 | | | 2016-08-31 | 2017-09-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None | cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. |
| 35 | CVE-2016-5675 | 20 | | Exec Code | 2016-08-31 | 2017-09-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. |
| 36 | CVE-2016-5674 | 20 | | Exec Code | 2016-08-31 | 2017-09-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. |
| 37 | CVE-2016-1525 | 22 | | Dir. Trav. | 2016-02-13 | 2018-10-09 | 7.8 | None | Remote | Low | Not required | Complete | None | None | Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter. |
| 38 | CVE-2016-1524 | | | Exec Code | 2016-02-13 | 2018-10-09 | 8.3 | None | Local Network | Low | Not required | Complete | Complete | Complete | Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI. |
| 39 | CVE-2014-4927 | 119 | 1 | DoS Overflow | 2014-07-24 | 2014-07-25 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. |
| 40 | CVE-2014-4864 | 255 | | +Info | 2014-09-10 | 2014-09-10 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. |
| 41 | CVE-2013-2752 | 352 | | CSRF | 2013-12-12 | 2019-07-18 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. |
| 42 | CVE-2013-2751 | 94 | 1 | Exec Code | 2013-12-12 | 2019-07-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." |
| 43 | CVE-2012-2439 | 264 | | | 2012-04-28 | 2012-09-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. |
| 44 | CVE-2009-2257 | 287 | 1 | Bypass | 2009-06-30 | 2018-10-10 | 7.8 | None | Remote | Low | Not required | Complete | None | None | The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. |
| 45 | CVE-2009-2256 | 20 | 1 | DoS | 2009-06-30 | 2018-10-10 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. |
| 46 | CVE-2009-0680 | 22 | | DoS Dir. Trav. | 2009-02-22 | 2017-09-29 | 7.8 | None | Remote | Low | Not required | None | None | Complete | cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. |
| 47 | CVE-2008-6122 | 20 | | DoS | 2009-02-11 | 2017-08-08 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). |
| 48 | CVE-2008-1197 | 20 | | DoS Exec Code | 2008-09-05 | 2018-10-11 | 6.3 | None | Remote | Medium | ??? | None | None | Complete | The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID." |
| 49 | CVE-2008-1144 | 20 | | DoS Exec Code | 2008-09-05 | 2018-10-11 | 6.3 | None | Remote | Medium | ??? | None | None | Complete | The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length." |
| 50 | CVE-2007-5562 | 79 | | XSS | 2007-10-18 | 2017-07-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page. |