Vulnerabilities > Netgear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2013-3073 | Path Traversal vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. | 10.0 |
| 2019-11-13 | CVE-2013-3516 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens. | 4.3 |
| 2019-11-13 | CVE-2013-3517 | Cross-site Scripting vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | 3.5 |
| 2019-11-13 | CVE-2013-4657 | Path Traversal vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | 10.0 |
| 2019-10-16 | CVE-2016-11016 | Cross-site Scripting vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. | 4.3 |
| 2019-10-16 | CVE-2016-11015 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter. | 4.3 |
| 2019-10-16 | CVE-2016-11014 | Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | 7.5 |
| 2019-10-09 | CVE-2019-17373 | Unspecified vulnerability in Netgear products Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. | 7.5 |
| 2019-10-09 | CVE-2019-17372 | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. | 4.3 |
| 2019-09-30 | CVE-2019-17049 | SQL Injection vulnerability in Netgear Srx5308 Firmware 4.3.53 NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. | 5.0 |