CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2024-52022
https://notcve.org/view.php?id=CVE-2024-52022
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen una vulnerabilidad de inyección de comandos en el componente wlg_adv.cgi a través del parámetro apmode... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_48/48.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-52023
https://notcve.org/view.php?id=CVE-2024-52023
05 Nov 2024 — Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen un desbordamiento de pila a través del parámetro pppoe_localip en pppoe2.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a... • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_52/52.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-52024
https://notcve.org/view.php?id=CVE-2024-52024
05 Nov 2024 — Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen un desbordamiento de pila a través del parámetro pppoe_localip en wizpppoe.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (Do... • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_52/52.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-52025
https://notcve.org/view.php?id=CVE-2024-52025
05 Nov 2024 — Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen un desbordamiento de pila a través del parámetro pppoe_localip en geniepppoe.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio... • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_52/52.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52026
https://notcve.org/view.php?id=CVE-2024-52026
05 Nov 2024 — Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen un desbordamiento de pila a través del parámetro pppoe_localip en bsw_pppoe.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (... • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_52/52.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-36499
https://notcve.org/view.php?id=CVE-2023-36499
07 Aug 2023 — Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. • https://github.com/FirmRec/IoT-Vulns/blob/main/netgear/nvram_ssid/README.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 5%CPEs: 56EXPL: 0CVE-2022-27643 – NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-27643
23 Mar 2022 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 42EXPL: 0CVE-2021-45512
https://notcve.org/view.php?id=CVE-2021-45512
26 Dec 2021 — Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400... • https://kb.netgear.com/000064117/Security-Advisory-for-Broken-Cryptography-on-Some-Routers-and-Extenders-PSV-2020-0134 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 1%CPEs: 72EXPL: 0CVE-2021-45527
https://notcve.org/view.php?id=CVE-2021-45527
26 Dec 2021 — Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94, EX7500 before 1.0.0.72, R6250 before 1.0.4.48, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.102, R6700v3 before 1.0.4.102, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7850 before 1.0.5.68, R7900 before 1.0.4.30, R7960P before 1.4.1.68, R8000... • https://kb.netgear.com/000064493/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-Some-Routers-Extenders-and-WiFi-Systems-PSV-2020-0437 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 16EXPL: 0CVE-2021-45605
https://notcve.org/view.php?id=CVE-2021-45605
26 Dec 2021 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.68, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900 before 1.0.4.38, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and XR300 before 1.0.3.50. Determinados dispositivos NETGEAR están afectados por un desbordamiento del búfer en la región stack de la memoria por parte de un usuario autenticado. Esto afecta a R6400 versiones anteriores a 1.0.1.68, a ... • https://kb.netgear.com/000064072/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-Some-Routers-PSV-2019-0214 • CWE-787: Out-of-bounds Write •