CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-24498 – Netgear ProSAFE 24 Port 10/100 FS726TP - CWE-522: Insufficiently Protected Credentials.
https://notcve.org/view.php?id=CVE-2023-24498
An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. • https://www.gov.il/en/Departments/faq/cve_advisories • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.2EPSS: 5%CPEs: 6EXPL: 2CVE-2016-11022
https://notcve.org/view.php?id=CVE-2016-11022
NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. Los dispositivos NETGEAR Prosafe WC9500 versiones 5.1.0.17, WC7600 versión 5.1.0.17 y WC7520 versión 2.5.0.35, permiten a un atacante remoto ejecutar código con privilegios root por medio de metacaracteres de shell en el parámetro reqMethod en el archivo login_handler.php. • http://firmware.re/vulns/acsa-2015-002.php https://github.com/threat9/routersploit/blob/master/routersploit/modules/exploits/routers/netgear/prosafe_rce.py https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4864 – Netgear GS105Ev2 Authentication Bypass / XSS / CSRF
https://notcve.org/view.php?id=CVE-2014-4864
The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. La utilidad de configuración NETGEAR ProSafe Plus crea ficheros de la copia de seguridad de la configuración que contienen las contraseñas en texto plano, lo que podría permitir a los atacantes remotos obtener información sensible mediante la lectura de un fichero. The Netgear GS105Ev2 gigabit switch suffers from authentication bypass, cross site request forgery, cross site scripting, and various other vulnerabilities. • http://www.kb.cert.org/vuls/id/396212 • CWE-255: Credentials Management Errors •
CVSS: 7.8EPSS: 95%CPEs: 11EXPL: 2CVE-2013-4776 – Netgear ProSafe - Denial of Service
https://notcve.org/view.php?id=CVE-2013-4776
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/. NETGEAR ProSafe GS724Tv3 y GS716Tv2 con firmware 5.4.1.13 y anteriores, GS748Tv4 5.4.1.14, y GS510TP 5.0.4.4 permite a atacantes remotos causar una denegación de servicio (reboot y crash) a través de una petición HTTP manipulada a filesystem/. • https://www.exploit-db.com/exploits/27775 http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf •
CVSS: 7.8EPSS: 61%CPEs: 24EXPL: 2CVE-2013-4775 – Netgear ProSafe - Information Disclosure
https://notcve.org/view.php?id=CVE-2013-4775
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config. NETGEAR ProSafe GS724Tv3 y GS716Tv2 con firmware 5.4.1.13 y anteriores; GS748Tv4 con firmware 5.4.1.14; GS510TP con firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, y GS725TS con firmware 5.3.0.17; y GS752TXS y GS728TXS con firmware 6.1.0.12 permite a atacantes remotos leer credenciales de administrador cifradas y otras configuraciones de inicio a través de una petición directa a filesystem/startup-config. • https://www.exploit-db.com/exploits/27774 http://www.encripto.no/forskning/whitepapers/Netgear_prosafe_advisory_aug_2013.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •