CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4235 – Netgear DG834Gv5 Web Management Interface cleartext storage
https://notcve.org/view.php?id=CVE-2024-4235
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://netsecfish.notion.site/Netgear-DG834Gv5-Plain-Text-Credentials-Exposure-22e94fe066014490bebd349775d10b27?pvs=4 https://vuldb.com/?ctiid.262126 https://vuldb.com/?id.262126 https://vuldb.com/?submit.319148 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-48725
https://notcve.org/view.php?id=CVE-2023-48725
A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en la funcionalidad getblockschedule() de JSON Parsing de Netgear RAX30 1.0.11.96 y 1.0.7.78. Una solicitud HTTP especialmente manipulada puede provocar la ejecución de código. • https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887 • CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1431 – Netgear R7000 Web Management Interface debuginfo.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1431
A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. • https://github.com/leetsun/Hints/tree/main/R7000/2 https://vuldb.com/?ctiid.253382 https://vuldb.com/?id.253382 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1430 – Netgear R7000 Web Management Interface currentsetting.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1430
A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. • https://github.com/leetsun/Hints/tree/main/R7000/1 https://vuldb.com/?ctiid.253381 https://vuldb.com/?id.253381 https://vuldb.com/?submit.276025 https://www.netgear.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-50089
https://notcve.org/view.php?id=CVE-2023-50089
A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. Existe una vulnerabilidad de inyección de comandos en NETGEAR WNR2000v4 versión 1.0.0.70. Cuando se utiliza HTTP para la autenticación SOAP, la ejecución del comando se produce durante el proceso después de una autenticación exitosa. • https://github.com/NoneShell/Vulnerabilities/blob/main/NETGEAR/WNR2000v4-1.0.0.70-Authorized-Command-Injection.md https://www.netgear.com/about/security • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •