CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6565 – Netgear WNCE3001 HTTP POST Request http_d stack-based overflow
https://notcve.org/view.php?id=CVE-2025-6565
24 Jun 2025 — A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. • https://github.com/xiaobor123/vul-finds/tree/main/vul-find-wnce3001-netgear • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-44262
https://notcve.org/view.php?id=CVE-2021-44262
17 Mar 2022 — A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. Se presenta una vulnerabilidad en la página "MNU_top.htm" del Netgear W104, versión WAC104-V1.0.4.13, que puede permitir a un atacante remoto acceder a esta página sin ninguna autenticación. Cuando es procesado, expone determinada información clave para el dispositivo • https://github.com/zer0yu/CVE_Request/blob/master/netgear/Netgear_W104_unauthorized_access_vulnerability_second.md • CWE-306: Missing Authentication for Critical Function •