Vulnerabilities (CVE)

Filtered by vendor Netgear Subscribe
Total 1142 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20488 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter.
CVE-2019-20487 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI.
CVE-2019-20486 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language.
CVE-2019-19964 1 Netgear 2 Gs728tps, Gs728tps Firmware 2024-11-21 4.0 MEDIUM 2.7 LOW
On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication.
CVE-2019-19494 4 Compal, Netgear, Sagemcom and 1 more 14 7284e, 7284e Firmware, 7486e and 11 more 2024-11-21 9.3 HIGH 8.8 HIGH
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
CVE-2019-17373 1 Netgear 20 Dgn2200, Dgn2200 Firmware, Dgn2200m and 17 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
CVE-2019-17372 1 Netgear 66 Ac1450, Ac1450 Firmware, D8500 and 63 more 2024-11-21 4.3 MEDIUM 8.1 HIGH
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.
CVE-2019-17137 1 Netgear 2 Ac1200 R6220, Ac1200 R6220 Firmware 2024-11-21 7.5 HIGH 9.4 CRITICAL
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of path strings. By inserting a null byte into the path, the user can skip most authentication checks. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-8616.
CVE-2019-17049 1 Netgear 2 Srx5308, Srx5308 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account.
CVE-2019-14527 1 Netgear 2 Mr1100, Mr1100 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. System commands can be executed, via the web interface, after authentication.
CVE-2019-14526 1 Netgear 2 Mr1100, Mr1100 Firmware 2024-11-21 5.8 MEDIUM 8.1 HIGH
An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. The web-interface Cross-Site Request Forgery token is stored in a dynamically generated JavaScript file, and therefore can be embedded in third party pages, and re-used against the Nighthawk web interface. This entirely bypasses the intended security benefits of the use of a CSRF-protection token.
CVE-2019-14363 1 Netgear 2 Wndr3400v3, Wndr3400v3 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.
CVE-2019-13395 1 Netgear 2 Cg3700b, Cg3700b Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file.
CVE-2019-13394 1 Netgear 2 Cg3700b, Cg3700b Firmware 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.
CVE-2019-13393 1 Netgear 2 Cg3700b, Cg3700b Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase.
CVE-2019-12591 1 Netgear 1 Insight 2024-11-21 6.5 MEDIUM 6.8 MEDIUM
NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection.
CVE-2019-12513 1 Netgear 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible.
CVE-2019-12512 1 Netgear 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. The value supplied by this header will be inserted into administrative logs, found at Advanced settings->Administration->Logs, and may trigger when the page is viewed. Although this value is inserted into a textarea tag, the attack simply needs to supply a closing textarea tag.
CVE-2019-12511 1 Netgear 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware 2024-11-21 9.3 HIGH 9.8 CRITICAL
In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. Although this requires QoS being enabled, advanced QoS being enabled, and a valid authentication JWT, additional vulnerabilities (CVE-2019-12510) allow an attacker to interact with the entire SOAP API without authentication. Additionally, DNS rebinding techniques may be used to exploit this vulnerability remotely. Exploiting this vulnerability is somewhat involved. The following limitations apply to the payload and must be overcome for successful exploitation: - No more than 17 characters may be used. - At least one colon must be included to prevent mangling. - A single-quote and meta-character must be used to break out of the existing command. - Parent command remnants after the injection point must be dealt with. - The payload must be in all-caps. Despite these limitations, it is still possible to gain access to an interactive root shell via this vulnerability. Since the web server assigns certain HTTP headers to environment variables with all-caps names, it is possible to insert a payload into one such header and reference the subsequent environment variable in the injection point.
CVE-2019-12510 1 Netgear 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings.