Filtered by vendor Netgear
Subscribe
Total
1310 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42756 | 1 Netgear | 2 Dgn1000ww, Dgn1000ww Firmware | 2026-01-30 | N/A | 8.8 HIGH |
| An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page | |||||
| CVE-2025-12946 | 1 Netgear | 36 Mr90, Mr90 Firmware, Ms90 and 33 more | 2026-01-21 | N/A | 7.5 HIGH |
| A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36. | |||||
| CVE-2025-12941 | 1 Netgear | 4 C6220, C6220 Firmware, C6230 and 1 more | 2026-01-16 | N/A | 5.7 MEDIUM |
| Denial of Service Vulnerability in NETGEAR C6220 and C6230 (DOCSIS® 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router. | |||||
| CVE-2025-12945 | 1 Netgear | 2 R7000p, R7000p Firmware | 2026-01-16 | N/A | 7.2 HIGH |
| A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154. | |||||
| CVE-2025-45493 | 1 Netgear | 2 Ex8000, Ex8000 Firmware | 2026-01-05 | N/A | 6.5 MEDIUM |
| Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function. | |||||
| CVE-2025-44652 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2026-01-02 | N/A | 7.5 HIGH |
| In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected. | |||||
| CVE-2025-50526 | 1 Netgear | 2 Ex8000, Ex8000 Firmware | 2026-01-02 | N/A | 9.8 CRITICAL |
| Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function. | |||||
| CVE-2024-12847 | 1 Netgear | 2 Dgn1000, Dgn1000 Firmware | 2025-12-19 | N/A | 9.8 CRITICAL |
| NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC. | |||||
| CVE-2025-12944 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2025-12-08 | N/A | 8.8 HIGH |
| Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed in: DGN2200v4 firmware 1.0.0.132 or later | |||||
| CVE-2025-12943 | 1 Netgear | 4 Rax30, Rax30 Firmware, Raxe300 and 1 more | 2025-12-08 | N/A | 7.5 HIGH |
| Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later | |||||
| CVE-2025-12942 | 1 Netgear | 4 R6260, R6260 Firmware, R6850 and 1 more | 2025-12-08 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86. | |||||
| CVE-2025-12940 | 1 Netgear | 4 Wax610, Wax610 Firmware, Wax610y and 1 more | 2025-12-08 | N/A | 5.5 MEDIUM |
| Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later. | |||||
| CVE-2024-4235 | 1 Netgear | 2 Dg834gv5, Dg834gv5 Firmware | 2025-11-20 | 3.3 LOW | 2.7 LOW |
| A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2020-26919 | 1 Netgear | 2 Jgs516pe, Jgs516pe Firmware | 2025-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. | |||||
| CVE-2023-48725 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-11-04 | N/A | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2017-6862 | 1 Netgear | 6 Wnr2000v3, Wnr2000v3 Firmware, Wnr2000v4 and 3 more | 2025-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261. | |||||
| CVE-2017-6334 | 1 Netgear | 5 Dgn2200 Series Firmware, Dgn2200v1, Dgn2200v2 and 2 more | 2025-10-22 | 9.0 HIGH | 8.8 HIGH |
| dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. | |||||
| CVE-2017-6077 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2025-10-22 | 10.0 HIGH | 9.8 CRITICAL |
| ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. | |||||
| CVE-2017-5521 | 1 Netgear | 26 Ac1450, Ac1450 Firmware, D6220 and 23 more | 2025-10-22 | 4.3 MEDIUM | 8.1 HIGH |
| An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions. | |||||
| CVE-2016-6277 | 1 Netgear | 22 D6220, D6220 Firmware, D6400 and 19 more | 2025-10-22 | 9.3 HIGH | 8.8 HIGH |
| NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. | |||||