Vulnerabilities > Netgear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-14 | CVE-2019-14527 | OS Command Injection vulnerability in Netgear Mr1100 Firmware 12.05.05.00 An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. | 9.8 |
| 2019-08-14 | CVE-2019-14526 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Mr1100 Firmware 12.05.05.00 An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. | 8.1 |
| 2019-08-08 | CVE-2016-10864 | Cross-site Scripting vulnerability in Netgear Ex7000 Firmware NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. | 5.2 |
| 2019-07-28 | CVE-2019-14363 | Out-of-bounds Write vulnerability in Netgear Wndr3400V3 Firmware 1.0.1.18/1.0.1.22/1.0.1.24 A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet. | 9.8 |
| 2019-06-17 | CVE-2019-5017 | Information Exposure vulnerability in multiple products An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. | 5.3 |
| 2019-06-17 | CVE-2019-5016 | Information Exposure vulnerability in multiple products An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. | 9.1 |
| 2019-06-11 | CVE-2017-18378 | Command Injection vulnerability in Netgear Readynas Surveillance Firmware In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution. | 9.8 |
| 2019-06-03 | CVE-2019-12591 | Command Injection vulnerability in Netgear Insight NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. | 7.6 |
| 2018-07-24 | CVE-2016-5649 | Information Exposure vulnerability in Netgear Dgn2200 Firmware and Dgnd3700 Firmware A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. | 9.8 |
| 2018-07-24 | CVE-2016-5638 | Information Exposure vulnerability in Netgear Wndr4500 Firmware 1.0.1.401.0.6877 There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. | 7.5 |