Vulnerabilities (CVE)

Filtered by vendor Netgear Subscribe
Total 1142 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18708 1 Netgear 4 R8300, R8300 Firmware, R8500 and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by CSRF. This affects R8300 before 1.0.2.94 and R8500 before 1.0.2.94.
CVE-2017-18707 1 Netgear 4 R8300, R8300 Firmware, R8500 and 1 more 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.
CVE-2017-18706 1 Netgear 12 R6100, R6100 Firmware, R7500 and 9 more 2024-11-21 3.3 LOW 6.5 MEDIUM
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6100 before 1.0.1.20, R7500 before 1.0.0.118, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.
CVE-2017-18705 1 Netgear 18 D7800, D7800 Firmware, R6100 and 15 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, and WNR2000v5 before 1.0.0.62.
CVE-2017-18704 1 Netgear 36 D6220, D6220 Firmware, D6400 and 33 more 2024-11-21 3.3 LOW 6.5 MEDIUM
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16.
CVE-2017-18703 1 Netgear 56 D1500, D1500 Firmware, D500 and 53 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by CSRF. This affects D1500 before 1.0.0.25, D500 before 1.0.0.25, D6100 before 1.0.0.55, D7000 before 1.0.1.50, D7800 before 1.0.1.28, EX6100v2 before 1.0.1.60, EX6150v2 before 1.0.1.60, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.16, JWNR2010v5 before 1.1.0.46, PR2000 before 1.0.0.18, R6020 before 1.0.0.26, R6050 before 1.0.1.16, R6080 before 1.0.0.26, R6100 before 1.0.1.20, R6220 before 1.1.0.60, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WN3000RPv3 before 1.0.2.50, WN3100RPv2 before 1.0.0.40, WNDR3700v5 before 1.1.0.48, WNDR4300v2 before 1.0.0.48, WNDR4500v3 before 1.0.0.48, WNR1000v4 before 1.1.0.46, WNR2000v5 before 1.0.0.62, WNR2020 before 1.1.0.46, and WNR2050 before 1.1.0.46.
CVE-2017-18702 1 Netgear 2 R6220, R6220 Firmware 2024-11-21 4.8 MEDIUM 5.4 MEDIUM
NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect configuration of security settings.
CVE-2017-18701 1 Netgear 4 R6700, R6700 Firmware, R6900 and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34.
CVE-2017-18700 1 Netgear 46 D6400, D6400 Firmware, D7000 and 43 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R9000 before 1.0.2.52, WNDR3400v3 before 1.0.1.16, WNR3500Lv2 before 1.2.0.46, and WNDR3700v5 before 1.1.0.48.
CVE-2017-18699 1 Netgear 4 R7800, R7800 Firmware, R9000 and 1 more 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.2.52.
CVE-2017-18698 1 Netgear 6 R6100, R6100 Firmware, R7800 and 3 more 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6100 before 1.0.1.20, R7800 before 1.0.2.40, and R9000 before 1.0.2.52.
CVE-2017-18697 1 Netgear 4 R7800, R7800 Firmware, R9000 and 1 more 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.2.52.
CVE-2017-18378 1 Netgear 2 Readynas Surveillance, Readynas Surveillance Firmware 2024-11-21 7.5 HIGH 8.4 HIGH
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
CVE-2016-6277 1 Netgear 22 D6220, D6220 Firmware, D6400 and 19 more 2024-11-21 9.3 HIGH 8.8 HIGH
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
CVE-2016-5680 2 Netgear, Nuuo 2 Readynas Surveillance, Nvrmini 2 2024-11-21 9.0 HIGH 8.8 HIGH
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
CVE-2016-5679 2 Netgear, Nuuo 2 Readynas Surveillance, Nvrmini 2 2024-11-21 9.0 HIGH 8.8 HIGH
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
CVE-2016-5677 2 Netgear, Nuuo 3 Readynas Surveillance, Nvrmini 2, Nvrsolo 2024-11-21 5.0 MEDIUM 7.5 HIGH
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
CVE-2016-5676 2 Netgear, Nuuo 3 Readynas Surveillance, Nvrmini 2, Nvrsolo 2024-11-21 5.0 MEDIUM 7.5 HIGH
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
CVE-2016-5675 2 Netgear, Nuuo 4 Readynas Surveillance, Crystal, Nvrmini 2 and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
CVE-2016-5674 2 Netgear, Nuuo 3 Readynas Surveillance, Nvrmini 2, Nvrsolo 2024-11-21 10.0 HIGH 9.8 CRITICAL
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.