CVSS: 8.4EPSS: 2%CPEs: 1EXPL: 0CVE-2024-35520
https://notcve.org/view.php?id=CVE-2024-35520
14 Oct 2024 — Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. • https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1431 – Netgear R7000 Web Management Interface debuginfo.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1431
11 Feb 2024 — A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. • https://github.com/leetsun/Hints/tree/main/R7000/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-1430 – Netgear R7000 Web Management Interface currentsetting.htm information disclosure
https://notcve.org/view.php?id=CVE-2024-1430
11 Feb 2024 — A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. • https://github.com/leetsun/Hints/tree/main/R7000/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 30EXPL: 0CVE-2023-36187
https://notcve.org/view.php?id=CVE-2023-36187
01 Sep 2023 — Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. Una vulnerabilidad de desbordamiento de búfer en NETGEAR R6400v2 antes de la versión 1.0.4.118, permite a atacantes remotos no autenticados ejecutar código arbitrario a través de una URL manipulada para httpd. • https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2022-48196
https://notcve.org/view.php?id=CVE-2022-48196
30 Dec 2022 — Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94. Ciertos dispositivos NETGEAR se ven afectados por un desbordamiento del búfer provocado por un atacante no autenticado. Esto afecta a RAX40 antes de 1.0.2.60, RAX35 antes de 1.0.2.60, ... • https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37235
https://notcve.org/view.php?id=CVE-2022-37235
23 Sep 2022 — Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat El router Gigabit Nighthawk AC1900 Smart WiFi Dual Band R7000 versión V1.0.11.134_10.2.119, de Netgear es vulnerable al desbordamiento del búfer por medio del binario wl del firmware. Se presenta una vulnerabilidad de desbordamiento de pila causada por strncat • https://github.com/Davidteeri/Bug-Report/blob/main/netgear-R7000-0x461bc.md • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37234
https://notcve.org/view.php?id=CVE-2022-37234
22 Sep 2022 — Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. El router Gigabit Netgear Nighthawk AC1900 Smart WiFi Dual Band R7000 versión V1.0.11.134_10.2.119, es vulnerable a un desbordamiento del búfer por medio del binario wl del firmware. Se presenta una vulnerabilidad de desbordamiento de pila causada por strncpy • https://github.com/Davidteeri/Bug-Report/blob/main/netgear-R7000-0x461bc-strncpy.md • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 18EXPL: 0CVE-2022-27641 – Netgear R6700v3 NetUSB Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-27641
29 Mar 2022 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0278 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 68EXPL: 0CVE-2022-27642 – NETGEAR R6700v3 httpd Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2022-27642
23 Mar 2022 — This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. • https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327 • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 5%CPEs: 56EXPL: 0CVE-2022-27643 – NETGEAR R6700v3 upnpd Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-27643
23 Mar 2022 — This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •