Filtered by vendor Netgear
Subscribe
Total
1274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20652 | 1 Netgear | 2 Wac505, Wac505 Firmware | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of sensitive information. | |||||
| CVE-2019-20651 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 8.2.1.16 and WAC510 before 8.2.1.16. | |||||
| CVE-2019-20650 | 1 Netgear | 8 R8900, R8900 Firmware, R9000 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by denial of service. This affects R8900 before 1.0.5.2, R9000 before 1.0.5.2, XR500 before 2.3.2.56, and XR700 before 1.0.1.20. | |||||
| CVE-2019-20649 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information. | |||||
| CVE-2019-20648 | 1 Netgear | 2 Rn42400, Rn42400 Firmware | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings. | |||||
| CVE-2019-20647 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service. | |||||
| CVE-2019-20646 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. | |||||
| CVE-2019-20645 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | |||||
| CVE-2019-20644 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | |||||
| CVE-2019-20643 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information. | |||||
| CVE-2019-20642 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 5.2 MEDIUM | 8.0 HIGH |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. | |||||
| CVE-2019-20641 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level. | |||||
| CVE-2019-20640 | 1 Netgear | 34 D3600, D3600 Firmware, D6000 and 31 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20639 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | |||||
| CVE-2019-20638 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials. | |||||
| CVE-2019-20489 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie. | |||||
| CVE-2019-20488 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter. | |||||
| CVE-2019-20487 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI. | |||||
| CVE-2019-20486 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language. | |||||
| CVE-2019-19964 | 1 Netgear | 2 Gs728tps, Gs728tps Firmware | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication. | |||||