CVSS: 6.7EPSS: 0%CPEs: 70EXPL: 0CVE-2019-20700
https://notcve.org/view.php?id=CVE-2019-20700
16 Apr 2020 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.110, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R630... • https://kb.netgear.com/000061194/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2018 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 70EXPL: 0CVE-2019-20692
https://notcve.org/view.php?id=CVE-2019-20692
16 Apr 2020 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R630... • https://kb.netgear.com/000061447/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2014 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2017-6366 – Netgear DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-6366
15 Mar 2017 — Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely. Vulnerabilidad de CSRF en routers NETGEAR DGN2200 con firmware 10.0.0.20 hasta la versión 10.0.0.50 permite a atacantes remotos secuestrar la autenticación de us... • https://www.exploit-db.com/exploits/41472 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 89%CPEs: 2EXPL: 2CVE-2017-6077 – NETGEAR DGN2200 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-6077
20 Feb 2017 — ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. ping.cgi en dispositivos NETGEAR DGN2200 con firmware hasta la versión 10.0.0.50 permite a usuarios remotos autenticados ejecutar comandos de SO arbitrarios a través de metacaracteres shell en el campo ping_IPAddr de una solicitud HTTP POST. Netgear DGN2200 versions 1, 2, 3, and 4 suffer from a non-ad... • https://packetstorm.news/files/id/141209 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 84%CPEs: 4EXPL: 2CVE-2016-5649 – Netgear DGN2200 and DGND3700 disclose the administrator password
https://notcve.org/view.php?id=CVE-2016-5649
03 Jan 2017 — A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface. Hay una vulnerabilidad en la página "BSW_cxttongr.htm" de Netg... • https://packetstorm.news/files/id/152675 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •