Vulnerabilities > Netgear

DATE CVE VULNERABILITY TITLE RISK
2022-06-17 CVE-2022-31876 Incorrect Authorization vulnerability in Netgear Wnap320 Firmware 2.0.3
The Netgear WNAP320 router firmware WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies.
network
low complexity
netgear CWE-863
5.0
2022-05-13 CVE-2022-29383 SQL Injection vulnerability in Netgear Ssl312 Firmware Fvs336Gv2/Fvs336Gv3
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 were discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
network
low complexity
netgear CWE-89
7.5
2022-03-26 CVE-2022-27945 OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.
network
low complexity
netgear CWE-78
critical
9.0
2022-03-26 CVE-2022-27946 OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
network
low complexity
netgear CWE-78
critical
9.0
2022-03-26 CVE-2022-27947 OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.
network
low complexity
netgear CWE-78
critical
9.0
2022-03-18 CVE-2022-24655 Out-of-bounds Write vulnerability in Netgear products
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.
local
low complexity
netgear CWE-787
7.2
2022-03-17 CVE-2021-44261 Missing Authentication for Critical Function vulnerability in Netgear products
A vulnerability exists in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which allows a remote attacker to access this page without any authentication.
network
low complexity
netgear CWE-306
5.0
2022-03-17 CVE-2021-44262 Missing Authentication for Critical Function vulnerability in Netgear products
A vulnerability exists in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which allows a remote attacker to access this page without any authentication.
network
low complexity
netgear CWE-306
5.0
2022-03-04 CVE-2021-46382 Cross-site Scripting vulnerability in Netgear Wac120 AC Firmware
Unauthenticated cross-site scripting (XSS) in the Netgear WAC120 AC Access Point may lead to multiple attacks, such as session hijacking and even clipboard hijacking.
network
netgear CWE-79
4.3
2022-01-25 CVE-2021-34865 Improper Authentication vulnerability in Netgear products
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers.
low complexity
netgear CWE-287
8.3