CVE-2017-18848
https://notcve.org/view.php?id=CVE-2017-18848
Certain NETGEAR devices are affected by CSRF. This affects R6300v2 before 1.0.0.36, AC1450 before 1.0.0.36, R7300 before 1.0.0.54, and R8500 before 1.0.2.94. Determinados dispositivos NETGEAR están afectados por un ataque de tipo CSRF. Esto afecta a R6300v2 versiones anteriores a 1.0.0.36, AC1450 versiones anteriores a 1.0.0.36, R7300 versiones anteriores a 1.0.0.54, y R8500 versiones anteriores a 1.0.2.94. • https://kb.netgear.com/000049011/Security-Advisory-for-Cross-Site-Request-Forgery-on-Some-Routers-PSV-2017-0334 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-20740
https://notcve.org/view.php?id=CVE-2019-20740
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a DGN2200v4 versiones anteriores a 1.0.0.110, DGND2200Bv4 versiones anteriores a 1.0.0.109, R7300 versiones anteriores a 1.0.0.70, R8300 versiones anteriores a 1.0.2.130 y R8500 versiones anteriores a 1.0.2.130. • https://kb.netgear.com/000060976/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-and-Gateways-PSV-2018-0258 • CWE-787: Out-of-bounds Write •
CVE-2019-17372
https://notcve.org/view.php?id=CVE-2019-17372
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L. Determinados dispositivos NETGEAR permiten a atacantes remotos deshabilitar todos los requisitos de autenticación visitando el archivo genieDisableLanChanged.cgi. El atacante puede, por ejemplo, visitar MNU_accessPassword_recovered.html para obtener una nueva contraseña de administrador válida. • https://github.com/zer0yu/CVE_Request/blob/master/netgear/netgear_cgi_unauthorized_access_vulnerability.md • CWE-287: Improper Authentication •