Filtered by vendor Netgear
Total: 1318 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57231 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | |||||
| CVE-2024-57230 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | |||||
| CVE-2024-57229 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | |||||
| CVE-2024-57046 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass authentication. When "?x=1.gif" is added to the requested URL, the request is recognized as passing authentication. | |||||
| CVE-2024-54809 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Netgear Inc WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the parse_st_header function due to use of a request header parameter in a strncpy where size is determined based on the input specified. By sending a specially crafted packet, an attacker can take control of the program counter and hijack control flow of the program to execute arbitrary system commands. | |||||
| CVE-2024-54808 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution. | |||||
| CVE-2024-54807 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec, which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitization. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution. | |||||
| CVE-2024-54806 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to arbitrary command execution in cmd.cgi, which allows for the execution of system commands via the web interface. | |||||
| CVE-2024-54805 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. They can then visit the send_log.cgi endpoint, which uses the parameter in a system call, to achieve command execution. | |||||
| CVE-2024-54804 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection. | |||||
| CVE-2024-54803 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection. | |||||
| CVE-2024-54802 | 1 Netgear | 2 Wnr854t, Wnr854t Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Netgear WNR854T 1.5.2 (North America), the UPNP service (/usr/sbin/upnp) is vulnerable to stack-based buffer overflow in the M-SEARCH Host header. | |||||
| CVE-2024-52030 | 1 Netgear | 2 R7000p, R7000p Firmware | 2026-06-17 | N/A | 5.7 MEDIUM |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52029 | 1 Netgear | 2 R7000p, R7000p Firmware | 2026-06-17 | N/A | 5.7 MEDIUM |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52028 | 1 Netgear | 2 R7000p, R7000p Firmware | 2026-06-17 | N/A | 5.7 MEDIUM |
| Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52026 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2026-06-17 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52025 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2026-06-17 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52024 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2026-06-17 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52023 | 1 Netgear | 6 R6400v2, R6400v2 Firmware, R7000p and 3 more | 2026-06-17 | N/A | 5.7 MEDIUM |
| Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | |||||
| CVE-2024-52022 | 1 Netgear | 8 R6400v2, R6400v2 Firmware, R7000p and 5 more | 2026-06-17 | N/A | 8.0 HIGH |
| Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | |||||
