Vulnerabilities > Netgear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2019-20488 | OS Command Injection vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 9.8 |
| 2020-03-02 | CVE-2019-20487 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 8.8 |
| 2020-03-02 | CVE-2019-20486 | Cross-site Scripting vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 6.1 |
| 2020-02-24 | CVE-2019-12513 | Cross-site Scripting vulnerability in Netgear Nighthawk X10-R9000 Firmware In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. | 6.1 |
| 2020-02-24 | CVE-2019-12512 | Cross-site Scripting vulnerability in Netgear Nighthawk X10-R9000 Firmware In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. | 6.1 |
| 2020-02-24 | CVE-2019-12511 | OS Command Injection vulnerability in Netgear Nighthawk X10-R9000 Firmware 1.0.4.24 In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. | 9.8 |
| 2020-02-24 | CVE-2019-12510 | Insufficient Verification of Data Authenticity vulnerability in Netgear Nighthawk X10-R9000 Firmware 1.0.4.24 In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. | 9.1 |
| 2020-02-13 | CVE-2014-3919 | Cross-site Scripting vulnerability in Netgear Cg3100 Firmware A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | 9.3 |
| 2020-02-10 | CVE-2019-17137 | Unspecified vulnerability in Netgear Ac1200 R6220 Firmware 1.1.0.86 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. | 9.4 |
| 2020-02-06 | CVE-2012-6341 | Information Exposure vulnerability in Netgear Wgr614V7 Firmware and Wgr614V9 Firmware An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. | 6.5 |