Vulnerabilities (CVE)

Filtered by vendor Netgear Subscribe
Filtered by product Wnr614
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-36788 1 Netgear 2 Wnr614, Wnr614 Firmware 2024-11-21 N/A 4.8 MEDIUM
Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices.
CVE-2019-20690 1 Netgear 16 D6200, D6200 Firmware, D7000 and 13 more 2024-11-21 5.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.30, D7000 before 1.0.1.66, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.68, WNR2020 before 1.1.0.54, and WNR614 before 1.1.0.54.
CVE-2017-18791 1 Netgear 26 D7000, D7000 Firmware, Jnr1010 and 23 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000 before 1.0.1.50.
CVE-2016-11057 1 Netgear 18 Jnr1010, Jnr1010 Firmware, Jwnr2000 and 15 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Certain NETGEAR devices are affected by mishandling of repeated URL calls. This affects JNR1010v2 before 2017-01-06, WNR614 before 2017-01-06, WNR618 before 2017-01-06, JWNR2000v5 before 2017-01-06, WNR2020 before 2017-01-06, JWNR2010v5 before 2017-01-06, WNR1000v4 before 2017-01-06, WNR2020v2 before 2017-01-06, R6220 before 2017-01-06, and WNDR3700v5 before 2017-01-06.
CVE-2016-10174 1 Netgear 56 D6100, D6100 Firmware, D7000 and 53 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.