Filtered by vendor Netgear
Subscriptions
Total
1230 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5674 | 2 Netgear, Nuuo | 3 Readynas Surveillance, Nvrmini 2, Nvrsolo | 2025-04-12 | N/A |
| __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. | ||||
| CVE-2016-1348 | 6 Cisco, Netgear, Samsung and 3 more | 6 Ios Xe, Jr6150 Firmware, X14j Firmware and 3 more | 2025-04-12 | N/A |
| Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. | ||||
| CVE-2016-1524 | 1 Netgear | 1 Prosafe Network Management Software 300 | 2025-04-12 | N/A |
| Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI. | ||||
| CVE-2016-1344 | 7 Cisco, Lenovo, Netgear and 4 more | 7 Ios Xe, Thinkcentre E75s Firmware, Jr6150 Firmware and 4 more | 2025-04-12 | N/A |
| The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | ||||
| CVE-2016-5675 | 2 Netgear, Nuuo | 4 Readynas Surveillance, Crystal, Nvrmini 2 and 1 more | 2025-04-12 | N/A |
| handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. | ||||
| CVE-2016-5680 | 2 Netgear, Nuuo | 2 Readynas Surveillance, Nvrmini 2 | 2025-04-12 | N/A |
| Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command. | ||||
| CVE-2015-8289 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2025-04-12 | N/A |
| The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code. | ||||
| CVE-2015-8288 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2025-04-12 | N/A |
| NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. | ||||
| CVE-2016-10116 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2025-04-12 | N/A |
| NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack. | ||||
| CVE-2016-10115 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2025-04-12 | N/A |
| NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration. | ||||
| CVE-2016-1346 | 6 Cisco, Dell, Netgear and 3 more | 6 Telepresence Server Mse 8710, Emc Powerscale Onefs, Jr6150 Firmware and 3 more | 2025-04-12 | N/A |
| The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673. | ||||
| CVE-2016-1349 | 7 Cisco, Intel, Netgear and 4 more | 7 Ios Xe, Core I5-9400f Firmware, Jr6150 Firmware and 4 more | 2025-04-12 | N/A |
| The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. | ||||
| CVE-2016-5676 | 2 Netgear, Nuuo | 3 Readynas Surveillance, Nvrmini 2, Nvrsolo | 2025-04-12 | N/A |
| cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. | ||||
| CVE-2016-5679 | 2 Netgear, Nuuo | 2 Readynas Surveillance, Nvrmini 2 | 2025-04-12 | N/A |
| cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command. | ||||
| CVE-2013-3069 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page. | ||||
| CVE-2014-2969 | 1 Netgear | 2 Gs108pe, Gs108pe Firmware | 2025-04-12 | N/A |
| NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi. | ||||
| CVE-2014-4864 | 1 Netgear | 1 Prosafe Firmware | 2025-04-12 | N/A |
| The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. | ||||
| CVE-2015-8263 | 1 Netgear | 2 Wnr1000v3, Wnr1000v3 Firmware | 2025-04-12 | N/A |
| NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port. | ||||
| CVE-2016-5677 | 2 Netgear, Nuuo | 3 Readynas Surveillance, Nvrmini 2, Nvrsolo | 2025-04-12 | N/A |
| NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request. | ||||
| CVE-2014-4927 | 3 Acme, Dlink, Netgear | 5 Micro Httpd, Dsl2740u, Dsl2750u and 2 more | 2025-04-12 | N/A |
| Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and DSL2740U and NetGear WGR614 and MR-ADSL-DG834 routers allows remote attackers to cause a denial of service (crash) via a long string in the URI in a GET request. | ||||