Filtered by vendor Netgear
Subscriptions
Total
1237 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20649 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2024-11-21 | 7.5 High |
| NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of sensitive information. | ||||
| CVE-2019-20648 | 1 Netgear | 2 Rn42400, Rn42400 Firmware | 2024-11-21 | 3.5 Low |
| NETGEAR RN42400 devices before 6.10.2 are affected by incorrect configuration of security settings. | ||||
| CVE-2019-20647 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 5.7 Medium |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service. | ||||
| CVE-2019-20646 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 9.8 Critical |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. | ||||
| CVE-2019-20645 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 4.8 Medium |
| NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | ||||
| CVE-2019-20644 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 4.8 Medium |
| NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. | ||||
| CVE-2019-20643 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 7.5 High |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information. | ||||
| CVE-2019-20642 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 8.0 High |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. | ||||
| CVE-2019-20641 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 8.8 High |
| NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level. | ||||
| CVE-2019-20640 | 1 Netgear | 34 D3600, D3600 Firmware, D6000 and 31 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32. | ||||
| CVE-2019-20639 | 1 Netgear | 6 Rbk50, Rbk50 Firmware, Rbr50 and 3 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30. | ||||
| CVE-2019-20638 | 1 Netgear | 2 Mr1100, Mr1100 Firmware | 2024-11-21 | 6.5 Medium |
| NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure of administrative credentials. | ||||
| CVE-2019-20489 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie. | ||||
| CVE-2019-20488 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter. | ||||
| CVE-2019-20487 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI. | ||||
| CVE-2019-20486 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2024-11-21 | 6.1 Medium |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language. | ||||
| CVE-2019-19964 | 1 Netgear | 2 Gs728tps, Gs728tps Firmware | 2024-11-21 | 2.7 Low |
| On NETGEAR GS728TPS devices through 5.3.0.35, a remote attacker having network connectivity to the web-administration panel can access part of the web panel, bypassing authentication. | ||||
| CVE-2019-19494 | 4 Compal, Netgear, Sagemcom and 1 more | 14 7284e, 7284e Firmware, 7486e and 11 more | 2024-11-21 | 8.8 High |
| Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. | ||||
| CVE-2019-17373 | 1 Netgear | 20 Dgn2200, Dgn2200 Firmware, Dgn2200m and 17 more | 2024-11-21 | 9.8 Critical |
| Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2. | ||||
| CVE-2019-17372 | 1 Netgear | 66 Ac1450, Ac1450 Firmware, D8500 and 63 more | 2024-11-21 | 8.1 High |
| Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L. | ||||