CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 1CVE-2024-12147 – Netgear R6900 HTTP Header upgrade_check.cgi buffer overflow
https://notcve.org/view.php?id=CVE-2024-12147
04 Dec 2024 — A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. • https://github.com/upload000/Hub/blob/main/IOT/Netgear_R6900.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51008
https://notcve.org/view.php?id=CVE-2024-51008
05 Nov 2024 — Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. Se descubrió que Netgear XR300 v1.0.3.78 contiene una vulnerabilidad de inyección de comandos en el parámetro system_name en wiz_dyn.cgi. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios del sistema operativo mediante una solicitud manipulada. • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_53/53.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52014
https://notcve.org/view.php?id=CVE-2024-52014
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro pptp_user_ip en genie_pptp.cgi. Esta vulnerabilidad permite a los atacantes ... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_43/43.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2024-52020
https://notcve.org/view.php?id=CVE-2024-52020
05 Nov 2024 — Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. Se descubrió que Netgear R8500 v1.0.2.160 contiene una vulnerabilidad de inyección de comandos en el parámetro wan_gateway en wiz_fix2.cgi. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios del sistema operativo mediante una solicitud manipulada. • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_47/47.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52026
https://notcve.org/view.php?id=CVE-2024-52026
05 Nov 2024 — Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen un desbordamiento de pila a través del parámetro pppoe_localip en bsw_pppoe.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (... • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_52/52.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51012
https://notcve.org/view.php?id=CVE-2024-51012
05 Nov 2024 — Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160 contenía un desbordamiento de pila a través del parámetro ipv6_pri_dns en ipv6_fix.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de una solicitud POST manipulada. • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_45/45.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50997
https://notcve.org/view.php?id=CVE-2024-50997
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro pptp_user_ip en pptp.cgi. Esta vulnerabilidad permite a los atacantes provocar una... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_43/43.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-52024
https://notcve.org/view.php?id=CVE-2024-52024
05 Nov 2024 — Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen un desbordamiento de pila a través del parámetro pppoe_localip en wizpppoe.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (Do... • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_52/52.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50998
https://notcve.org/view.php?id=CVE-2024-50998
05 Nov 2024 — Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160 contiene múltiples vulnerabilidades de desbordamiento de pila en el componente openvpn.cgi a través de los parámetros openvpn_service_port y openvpn_service_port_tun. Estas vulner... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_44/44.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51011
https://notcve.org/view.php?id=CVE-2024-51011
05 Nov 2024 — Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen un desbordamiento de pila a través del parámetro pppoe_localip en pppoe.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a t... • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_52/52.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •