Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Netgear Subscribe
Total 1223 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-11054 1 Netgear 2 Dgn2200, Dgn2200 Firmware 2024-11-21 9.0 HIGH 7.2 HIGH
NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.
CVE-2016-11022 1 Netgear 6 Prosafe Wc7520, Prosafe Wc7520 Firmware, Prosafe Wc7600 and 3 more 2024-11-21 6.5 MEDIUM 7.2 HIGH
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php.
CVE-2016-11016 1 Netgear 2 Jnr1010, Jnr1010 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.
CVE-2016-11015 1 Netgear 2 Jnr1010, Jnr1010 Firmware 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter.
CVE-2016-11014 1 Netgear 2 Jnr1010, Jnr1010 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
CVE-2016-10864 1 Netgear 2 Ex7000, Ex7000 Firmware 2024-11-21 2.9 LOW 5.2 MEDIUM
NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.
CVE-2014-3919 1 Netgear 2 Cg3100, Cg3100 Firmware 2024-11-21 4.3 MEDIUM 9.3 CRITICAL
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.
CVE-2013-4657 1 Netgear 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.
CVE-2013-3517 1 Netgear 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L.
CVE-2013-3516 1 Netgear 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
CVE-2013-3317 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.
CVE-2013-3316 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".
CVE-2013-3074 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2024-11-21 7.8 HIGH 7.5 HIGH
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).
CVE-2013-3073 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.
CVE-2013-3072 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
CVE-2013-3071 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.
CVE-2013-3070 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.
CVE-2012-6341 1 Netgear 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340.
CVE-2012-6340 1 Netgear 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more 2024-11-21 2.1 LOW 4.6 MEDIUM
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.
CVE-2024-35519 1 Netgear 6 Ex3700, Ex3700 Firmware, Ex6100 and 3 more 2024-10-16 N/A 6.8 MEDIUM
Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter.