Filtered by vendor Netgear
Subscribe
Search
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12511 | 1 Netgear | 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware | 2020-03-03 | 9.3 HIGH | 9.8 CRITICAL |
| In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point. | |||||
| CVE-2014-3919 | 1 Netgear | 2 Cg3100, Cg3100 Firmware | 2020-02-19 | 4.3 MEDIUM | 9.3 CRITICAL |
| A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | |||||
| CVE-2013-3316 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". | |||||
| CVE-2013-3317 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | |||||
| CVE-2013-3071 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. | |||||
| CVE-2013-4657 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2019-11-25 | 10.0 HIGH | 9.8 CRITICAL |
| Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | |||||
| CVE-2013-3073 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2019-11-20 | 10.0 HIGH | 9.8 CRITICAL |
| A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. | |||||
| CVE-2013-3072 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2019-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. | |||||
| CVE-2017-18378 | 1 Netgear | 2 Readynas Surveillance, Readynas Surveillance Firmware | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution. | |||||
| CVE-2016-5649 | 1 Netgear | 4 Dgn2200, Dgn2200 Firmware, Dgnd3700 and 1 more | 2019-10-09 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface. | |||||
| CVE-2019-14527 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2019-08-27 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication. | |||||
| CVE-2018-18471 | 4 Axentra, Medion, Netgear and 1 more | 4 Hipserv, Lifecloud, Stora and 1 more | 2019-06-24 | 10.0 HIGH | 9.8 CRITICAL |
| /api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device. | |||||
| CVE-2016-1555 | 1 Netgear | 14 Wn604, Wn604 Firmware, Wn802tv2 and 11 more | 2019-04-16 | 10.0 HIGH | 9.8 CRITICAL |
| (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | |||||
| CVE-2016-1524 | 1 Netgear | 1 Prosafe Network Management Software 300 | 2018-10-09 | 8.3 HIGH | 9.6 CRITICAL |
| Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI. | |||||
| CVE-2016-10175 | 1 Netgear | 2 Wnr2000v5, Wnr2000v5 Firmware | 2017-09-03 | 5.0 MEDIUM | 9.8 CRITICAL |
| The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions. | |||||
| CVE-2016-10174 | 1 Netgear | 2 Wnr2000v5, Wnr2000v5 Firmware | 2017-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution. | |||||
| CVE-2016-5675 | 2 Netgear, Nuuo | 4 Readynas Surveillance, Crystal, Nvrmini 2 and 1 more | 2017-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. | |||||
| CVE-2016-5674 | 2 Netgear, Nuuo | 3 Readynas Surveillance, Nvrmini 2, Nvrsolo | 2017-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. | |||||
| CVE-2016-10176 | 1 Netgear | 2 Wnr2000v5, Wnr2000v5 Firmware | 2017-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution. | |||||
| CVE-2017-6862 | 1 Netgear | 6 Wnr2000v3, Wnr2000v3 Firmware, Wnr2000v4 and 3 more | 2017-07-18 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261. | |||||
| CVE-2016-1557 | 1 Netgear | 6 Wnap320, Wnap320 Firmware, Wndap350 and 3 more | 2017-04-27 | 5.0 MEDIUM | 9.8 CRITICAL |
| Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | |||||
| CVE-2017-6077 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2017-03-02 | 10.0 HIGH | 9.8 CRITICAL |
| ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. | |||||
| CVE-2016-10115 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2017-01-11 | 10.0 HIGH | 9.8 CRITICAL |
| NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration. | |||||