CVE-2024-51002
https://notcve.org/view.php?id=CVE-2024-51002
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_42/42.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-35520
https://notcve.org/view.php?id=CVE-2024-35520
14 Oct 2024 — Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. • https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-35518
https://notcve.org/view.php?id=CVE-2024-35518
14 Oct 2024 — Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. • https://github.com/consrc/cves/blob/main/CVE-2024-35518.md •
CVE-2024-35519
https://notcve.org/view.php?id=CVE-2024-35519
14 Oct 2024 — Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi via the ap_mode parameter. • https://github.com/consrc/cves/blob/main/CVE-2024-35519.md •
CVE-2024-35522
https://notcve.org/view.php?id=CVE-2024-35522
11 Oct 2024 — Netgear EX3700 - AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone. • https://github.com/consrc/cves/blob/main/CVE-2024-35522.md •
CVE-2024-35517
https://notcve.org/view.php?id=CVE-2024-35517
11 Oct 2024 — Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. • https://github.com/consrc/cves/blob/main/CVE-2024-35517.md •
CVE-2024-42756
https://notcve.org/view.php?id=CVE-2024-42756
23 Aug 2024 — An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page. • https://github.com/Nop3z/CVE/blob/main/Netgear/Netgear%20DGN1000%20RCE/Netgear%20DGN1000%20RCE.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-7153 – Netgear WN604 siteSurvey.php direct request
https://notcve.org/view.php?id=CVE-2024-7153
27 Jul 2024 — A vulnerability classified as problematic has been found in Netgear WN604 up to 20240719. Affected is an unknown function of the file siteSurvey.php. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.272556 • CWE-425: Direct Request ('Forced Browsing') •
CVE-2024-6813 – NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6813
18 Jul 2024 — NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSortString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. • https://www.zerodayinitiative.com/advisories/ZDI-24-902 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-6814 – NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-6814
18 Jul 2024 — NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getFilterString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. • https://www.zerodayinitiative.com/advisories/ZDI-24-901 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •