Vulnerabilities > Netgear

DATE CVE VULNERABILITY TITLE RISK
2014-07-07 CVE-2014-2969 Credentials Management vulnerability in Netgear Gs108Pe and Gs108Pe Firmware
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to (1) produce_burn.cgi, (2) register_debug.cgi, or (3) bootcode_update.cgi.
low complexity
netgear CWE-255
8.3
2014-04-25 CVE-2013-3069 Cross-Site Scripting vulnerability in Netgear Wndr4700 and Wndr4700 Firmware
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
network
netgear CWE-79
3.5
2013-12-19 CVE-2013-4776 Remote Denial of Service vulnerability in Multiple NetGear ProSafe Switches
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allow remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
network
low complexity
netgear
7.8
2013-12-19 CVE-2013-4775 Information Exposure vulnerability in Netgear products
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allow remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
network
low complexity
netgear CWE-200
7.8
2013-12-12 CVE-2013-2752 Cross-Site Request Forgery (CSRF) vulnerability in Netgear Raidiator
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
network
netgear CWE-352
6.8
2013-12-12 CVE-2013-2751 Code Injection vulnerability in Netgear Raidiator
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
network
low complexity
netgear CWE-94
critical
10.0
2012-04-28 CVE-2012-2439 Permissions, Privileges, and Access Controls vulnerability in Netgear Prosafe Fvs318N
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
network
low complexity
netgear CWE-264
7.5
2011-04-10 CVE-2011-1674 Improper Authentication vulnerability in Netgear Prosafe Wnap210 and Prosafe Wnap210 Firmware
The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.
network
netgear CWE-287
6.8
2011-04-10 CVE-2011-1673 Cryptographic Issues vulnerability in Netgear Prosafe Wnap210 and Prosafe Wnap210 Firmware
BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file.
network
low complexity
netgear CWE-310
5.0
2009-11-12 CVE-2009-0052 Remote Denial of Service vulnerability in NETGEAR WNDAP330 Management Frame
The Atheros wireless driver, as used in the Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame.
low complexity
netgear atheros
5.5