CVSS: 7.5EPSS: 0%CPEs: 120EXPL: 0CVE-2016-11059
https://notcve.org/view.php?id=CVE-2016-11059
28 Apr 2020 — Certain NETGEAR devices are affected by password exposure. This affects AC1450 before 2017-01-06, C6300 before 2017-01-06, D500 before 2017-01-06, D1500 before 2017-01-06, D3600 before 2017-01-06, D6000 before 2017-01-06, D6100 before 2017-01-06, D6200 before 2017-01-06, D6200B before 2017-01-06, D6300B before 2017-01-06, D6300 before 2017-01-06, DGN1000v3 before 2017-01-06, DGN2200v1 before 2017-01-06, DGN2200v3 before 2017-01-06, DGN2200V4 before 2017-01-06, DGN2200Bv3 before 2017-01-06, DGN2200Bv4 before... • https://kb.netgear.com/27253/NETGEAR-Product-Vulnerability-Advisory-Authentication-Bypass-and-Information-Disclosure-on-Home-Routers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2019-17373
https://notcve.org/view.php?id=CVE-2019-17373
09 Oct 2019 — Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. Determinados dispositivos NETGEAR permiten el acceso no autenticado a páginas críticas .cgi y .htm por medio de una subcadena que termina con .jpg, tal y como al agregar ?x=1.jpg en una URL. • https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_web_interface_exists_authentication_bypass.md •
CVSS: 9.8EPSS: 84%CPEs: 4EXPL: 2CVE-2016-5649 – Netgear DGN2200 and DGND3700 disclose the administrator password
https://notcve.org/view.php?id=CVE-2016-5649
03 Jan 2017 — A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. When processed, it exposes the admin password in clear text before it gets redirected to absw_vfysucc.cgia. An attacker can use this password to gain administrator access to the targeted router's web interface. Hay una vulnerabilidad en la página "BSW_cxttongr.htm" de Netg... • https://packetstorm.news/files/id/152675 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-319: Cleartext Transmission of Sensitive Information •