Filtered by vendor Netgear
Subscribe
Total
1316 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-52026 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2025-05-21 | N/A | 5.7 MEDIUM |
|
Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2024-51010 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-21 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2025-4149 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-19 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4117 | 1 Netgear | 2 Jwnr2000, Jwnr2000 Firmware | 2025-05-16 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability, which was classified as critical, was found in Netgear JWNR2000v2 1.0.0.11. This affects the function sub_41A914. The manipulation of the argument host leads to buffer overflow. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4115 | 1 Netgear | 2 Jwnr2000, Jwnr2000 Firmware | 2025-05-16 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4116 | 1 Netgear | 2 Jwnr2000, Jwnr2000 Firmware | 2025-05-16 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, has been found in Netgear JWNR2000v2 1.0.0.11. Affected by this issue is the function get_cur_lang_ver. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2022-42221 | 1 Netgear | 2 R6220, R6220 Firmware | 2025-05-15 | N/A | 8.8 HIGH |
|
Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability.
|
|||||
| CVE-2025-4120 | 1 Netgear | 2 Jwnr2000v2, Jwnr2000v2 Firmware | 2025-05-13 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4121 | 1 Netgear | 2 Jwnr2000v2, Jwnr2000v2 Firmware | 2025-05-13 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4150 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-13 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-45492 | 1 Netgear | 2 Ex8000, Ex8000 Firmware | 2025-05-13 | N/A | 9.8 CRITICAL |
|
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.
|
|||||
| CVE-2025-4122 | 1 Netgear | 2 Jwnr2000v2, Jwnr2000v2 Firmware | 2025-05-12 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4140 | 1 Netgear | 2 Ex6120, Ex6120 Firmware | 2025-05-12 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4141 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4142 | 1 Netgear | 2 Ex6120, Ex6200 Firmware | 2025-05-12 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4145 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4146 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4147 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-4148 | 1 Netgear | 2 Ex6200, Ex6200 Firmware | 2025-05-12 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-57235 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
|
|||||
| CVE-2024-57234 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
|
|||||
| CVE-2024-57233 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
|
|||||
| CVE-2024-57232 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
|
|||||
| CVE-2024-57231 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
|
|||||
| CVE-2024-57230 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
|
|||||
| CVE-2024-57229 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-05-07 | N/A | 9.8 CRITICAL |
|
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
|
|||||
| CVE-2024-50996 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-07 | N/A | 5.7 MEDIUM |
|
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2024-51003 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2025-05-07 | N/A | 5.7 MEDIUM |
|
Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2024-52018 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-52017 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 5.7 MEDIUM |
|
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2024-51022 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 5.7 MEDIUM |
|
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2024-51016 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 5.7 MEDIUM |
|
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2024-51014 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 5.7 MEDIUM |
|
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2024-51008 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-51007 | 1 Netgear | 2 Xr300, Xr300 Firmware | 2025-05-02 | N/A | 5.7 MEDIUM |
|
Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||
| CVE-2025-28219 | 1 Netgear | 2 Dc112a, Dc112a Firmware | 2025-05-02 | N/A | 9.8 CRITICAL |
|
Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.
|
|||||
| CVE-2024-52021 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-52020 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-52019 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | N/A | 8.0 HIGH |
|
Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
|
|||||
| CVE-2024-51012 | 1 Netgear | 2 R8500, R8500 Firmware | 2025-05-02 | N/A | 5.7 MEDIUM |
|
Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
|
|||||