Vulnerabilities > Netgear

DATE CVE VULNERABILITY TITLE RISK
2016-06-20 CVE-2015-8289 Information Exposure vulnerability in Netgear D3600 Firmware and D6000 Firmware
The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator password by reading the cgi-bin/passrec.asp HTML source code.
network | netgear CWE-200 | 4.3

2016-06-20 CVE-2015-8288 Unspecified vulnerability in Netgear D3600 Firmware and D6000 Firmware
NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.
network | netgear | 4.3

2016-02-13 CVE-2016-1525 Path Traversal vulnerability in Netgear Prosafe Network Management Software 300 1.5.0.11
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a ..
network | low complexity | netgear CWE-22 | 7.8

2016-02-13 CVE-2016-1524 Unspecified vulnerability in Netgear Prosafe Network Management Software 300 1.5.0.11
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
low complexity | netgear | 8.3

2015-12-27 CVE-2015-8263 Security Bypass vulnerability in Netgear G54/N150 WNR1000v3 Router
NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the destination port.
network | low complexity | netgear | 5.0

2014-09-10 CVE-2014-4864 Credentials Management vulnerability in Netgear Prosafe Firmware
The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file.
low complexity | netgear CWE-255 | 3.3

2014-07-07 CVE-2014-2969 Credentials Management vulnerability in Netgear Gs108Pe and Gs108Pe Firmware
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
low complexity | netgear CWE-255 | 8.3

2014-04-25 CVE-2013-3069 Cross-Site Scripting vulnerability in Netgear Wndr4700 and Wndr4700 Firmware
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
network | netgear CWE-79 | 3.5

2013-12-19 CVE-2013-4776 Remote Denial of Service vulnerability in Multiple NetGear ProSafe Switches
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allow remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
network | low complexity | netgear | 7.8

2013-12-19 CVE-2013-4775 Information Exposure vulnerability in Netgear products
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allow remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
network | low complexity | netgear CWE-200 | 7.8