Vulnerabilities > Netgear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-13 | CVE-2013-3517 | Cross-site Scripting vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | 5.4 |
| 2019-11-13 | CVE-2013-4657 | Path Traversal vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | 9.8 |
| 2019-10-16 | CVE-2016-11016 | Cross-site Scripting vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. | 6.1 |
| 2019-10-16 | CVE-2016-11015 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter. | 6.5 |
| 2019-10-16 | CVE-2016-11014 | Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | 9.8 |
| 2019-10-09 | CVE-2019-17373 | Unspecified vulnerability in Netgear products Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. | 9.8 |
| 2019-10-09 | CVE-2019-17372 | Improper Authentication vulnerability in Netgear products Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. | 8.1 |
| 2019-09-30 | CVE-2019-17049 | SQL Injection vulnerability in Netgear Srx5308 Firmware 4.3.53 NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. | 7.5 |
| 2019-09-11 | CVE-2019-5055 | NULL Pointer Dereference vulnerability in Netgear Wnr2000 Firmware 1.0.0.70 An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. | 7.5 |
| 2019-09-11 | CVE-2019-5054 | NULL Pointer Dereference vulnerability in Netgear Wnr2000 Firmware 1.0.0.70 An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. | 7.5 |