CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50996
https://notcve.org/view.php?id=CVE-2024-50996
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro bpa_server en genie_bpa.cgi. Esta vulnerabilidad permite a los atacantes provoc... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_37/37.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50997
https://notcve.org/view.php?id=CVE-2024-50997
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro pptp_user_ip en pptp.cgi. Esta vulnerabilidad permite a los atacantes provocar una... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_43/43.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-51002
https://notcve.org/view.php?id=CVE-2024-51002
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro l2tp_user_ip en l2tp.cgi. Esta vulnerabilidad permite a los atacantes provocar una... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_42/42.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-51003
https://notcve.org/view.php?id=CVE-2024-51003
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrieron múltiples vulnerabilidades de desbordamiento de pila en el componente ap_mode.cgi a través de los parámetros apmode_dns1_pri y apmode_dns1_sec en Netgear R8500 v1.0.2... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_49/49.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2024-51010
https://notcve.org/view.php?id=CVE-2024-51010
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen una vulnerabilidad de inyección de comandos en el componente ap_mode.cgi a través del parámetro apmode... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_48/48.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51011
https://notcve.org/view.php?id=CVE-2024-51011
05 Nov 2024 — Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen un desbordamiento de pila a través del parámetro pppoe_localip en pppoe.cgi. Esta vulnerabilidad permite a los atacantes provocar una denegación de servicio (DoS) a t... • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_52/52.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2024-51021
https://notcve.org/view.php?id=CVE-2024-51021
05 Nov 2024 — Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. Se descubrió que Netgear XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contienen una vulnerabilidad de inyección de comandos a través del parámetro wan_gateway en genie_fix2.cgi. Esta vulnerabilidad permite a los atacantes ejecutar co... • https://github.com/wudipjq/my_vuln/blob/main/Netgear5/vuln_57/57.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52013
https://notcve.org/view.php?id=CVE-2024-52013
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro pptp_user_ip en wiz_pptp.cgi. Esta vulnerabilidad permite a los atacantes prov... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_43/43.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52014
https://notcve.org/view.php?id=CVE-2024-52014
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro pptp_user_ip en genie_pptp.cgi. Esta vulnerabilidad permite a los atacantes ... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_43/43.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-52015
https://notcve.org/view.php?id=CVE-2024-52015
05 Nov 2024 — Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Se descubrió que Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154 y R6400 v2 1.0.4.128 contenían un desbordamiento de pila a través del parámetro pptp_user_ip en bsw_pptp.cgi. Esta vulnerabilidad permite a los atacantes prov... • https://github.com/wudipjq/my_vuln/blob/main/Netgear4/vuln_43/43.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •