CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50997
https://notcve.org/view.php?id=CVE-2024-50997
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro pptp_user_ip en pptp.cgi. Esta vulnerabilidad permite a los atacantes provocar una... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_43/43.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50998
https://notcve.org/view.php?id=CVE-2024-50998
05 Nov 2024 — Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160 contiene múltiples vulnerabilidades de desbordamiento de pila en el componente openvpn.cgi a través de los parámetros openvpn_service_port y openvpn_service_port_tun. Estas vulner... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_44/44.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50999
https://notcve.org/view.php?id=CVE-2024-50999
05 Nov 2024 — Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. Se descubrió que Netgear R8500 v1.0.2.160 contiene una vulnerabilidad de inyección de comandos en el parámetro sysNewPasswd en password.cgi. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios del sistema operativo mediante una solicitud manipulada. • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_38/38.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51000
https://notcve.org/view.php?id=CVE-2024-51000
05 Nov 2024 — Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160 contiene múltiples vulnerabilidades de desbordamiento de pila en el componente wireless.cgi a través de los parámetros opmode, opmode_an y opmode_an_2. Estas vulnerabilidades permiten a los ata... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_35/35.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51001
https://notcve.org/view.php?id=CVE-2024-51001
05 Nov 2024 — Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160 contenía un desbordamiento de pila a través del parámetro sysDNSHost en ddns.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de una solicitud POST manipulada. • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_41/41.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-51002
https://notcve.org/view.php?id=CVE-2024-51002
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro l2tp_user_ip en l2tp.cgi. Esta vulnerabilidad permite a los atacantes provocar una... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_42/42.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-51003
https://notcve.org/view.php?id=CVE-2024-51003
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrieron múltiples vulnerabilidades de desbordamiento de pila en el componente ap_mode.cgi a través de los parámetros apmode_dns1_pri y apmode_dns1_sec en Netgear R8500 v1.0.2... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_49/49.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51004
https://notcve.org/view.php?id=CVE-2024-51004
05 Nov 2024 — Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrieron múltiples vulnerabilidades de desbordamiento de pila en Netgear R8500 v1.0.2.160 y R7000P v1.3.3.154 en el componente usb_device.cgi a través de los parámetros cifs_user, read_access y write_acces... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_51/51.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51005
https://notcve.org/view.php?id=CVE-2024-51005
05 Nov 2024 — Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. Se descubrió que Netgear R8500 v1.0.2.160 contiene una vulnerabilidad de inyección de comandos en el parámetro share_name en usb_remote_smb_conf.cgi. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios del sistema operativo a través de una solicitud manipul... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_50/50.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51006
https://notcve.org/view.php?id=CVE-2024-51006
05 Nov 2024 — Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160 contenía un desbordamiento de pila a través del parámetro ipv6_static_ip en la función ipv6_tunnel. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a través de una solicitud POST manipulada. • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_46/46.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •