Filtered by vendor Netgear
Subscriptions
Total
1306 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-44650 | 1 Netgear | 4 Eax80, Eax80 Firmware, R7000 and 1 more | 2025-08-07 | 7.5 High |
| In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected. | ||||
| CVE-2025-44658 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-08-07 | 9.8 Critical |
| In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise. | ||||
| CVE-2023-44445 | 1 Netgear | 2 Cax30, Cax30 Firmware | 2025-08-07 | N/A |
| NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sso binary. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19058. | ||||
| CVE-2023-35721 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2025-08-07 | 8.8 High |
| NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981. | ||||
| CVE-2013-10063 | 1 Netgear | 1 Sph200d | 2025-08-06 | N/A |
| A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data. | ||||
| CVE-2023-50677 | 1 Netgear | 2 Dgnd4000, Dgnd4000 Firmware | 2025-07-28 | 8.8 High |
| An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. | ||||
| CVE-2025-6511 | 1 Netgear | 2 Ex6150, Ex6150 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-6510 | 1 Netgear | 2 Ex6100, Ex6100 Firmware | 2025-07-16 | 8.8 High |
| A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-7407 | 1 Netgear | 2 D6400, D6400 Firmware | 2025-07-16 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-4235 | 1 Netgear | 1 Dg834gv5 | 2025-07-13 | 2.7 Low |
| A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7153 | 1 Netgear | 1 Wn604 | 2025-07-12 | 5.3 Medium |
| A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-6646 | 1 Netgear | 1 Wn604 | 2025-07-12 | 5.3 Medium |
| A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-25246 | 1 Netgear | 2 Xr1000, Xr500 | 2025-07-12 | 8.1 High |
| NETGEAR XR1000 before 1.0.0.74, XR1000v2 before 1.1.0.22, and XR500 before 2.3.2.134 allow remote code execution by unauthenticated users. | ||||
| CVE-2024-57046 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2025-07-07 | 8.8 High |
| A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the the requested url, it will be recognized as passing the authentication. | ||||
| CVE-2025-6565 | 1 Netgear | 1 Wnce3001 | 2025-07-06 | 8.8 High |
| A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4135 | 1 Netgear | 2 Wg302v2, Wg302v2 Firmware | 2025-06-24 | 6.3 Medium |
| A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-4139 | 1 Netgear | 2 Ex6120, Ex6120 Firmware | 2025-06-24 | 8.8 High |
| A vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-5934 | 1 Netgear | 2 Ex3700, Ex3700 Firmware | 2025-06-24 | 8.8 High |
| A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-4977 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | ||||
| CVE-2025-4978 | 1 Netgear | 2 Dgnd3700, Dgnd3700 Firmware | 2025-06-12 | 9.8 Critical |
| A vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. | ||||