CVSS: 6.7EPSS: 0%CPEs: 70EXPL: 0CVE-2019-20692
https://notcve.org/view.php?id=CVE-2019-20692
16 Apr 2020 — Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R630... • https://kb.netgear.com/000061447/Security-Advisory-for-Pre-Authentication-Stack-Overflow-on-Some-Routers-Gateways-and-Extenders-PSV-2017-2014 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2013-3516
https://notcve.org/view.php?id=CVE-2013-3516
13 Nov 2019 — NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens. Los routers NETGEAR WNR3500U y WNR3500L usan tokens de formulario basados ??únicamente en la fecha y hora actuales del router, lo que permite a atacantes adivinar los tokens de tipo CSRF. • https://www.ise.io/casestudies/exploiting-soho-routers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2013-3517
https://notcve.org/view.php?id=CVE-2013-3517
13 Nov 2019 — Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en NETGEAR WNR3500U y WNR3500L. • https://www.ise.io/casestudies/exploiting-soho-routers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2013-4657
https://notcve.org/view.php?id=CVE-2013-4657
13 Nov 2019 — Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. Una vulnerabilidad de Salto de Enlace Simbólico en NETGEAR WNR3500U y WNR3500L, debido a una configuración inapropiada en el servicio SMB. • https://www.ise.io/soho_service_hacks • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 1%CPEs: 66EXPL: 1CVE-2019-17372
https://notcve.org/view.php?id=CVE-2019-17372
09 Oct 2019 — Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, ... • https://github.com/zer0yu/CVE_Request/blob/master/netgear/netgear_cgi_unauthorized_access_vulnerability.md • CWE-287: Improper Authentication •