Vulnerabilities > Netgear
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-12 | CVE-2013-2752 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Raidiator: Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users. | 6.8 |
2013-12-12 | CVE-2013-2751 | Code Injection vulnerability in Netgear Raidiator: Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow." | 10.0 |
2012-04-28 | CVE-2012-2439 | Permissions, Privileges, and Access Controls vulnerability in Netgear Prosafe Fvs318N: The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. | 7.5 |
2011-04-10 | CVE-2011-1674 | Improper Authentication vulnerability in Netgear Prosafe Wnap210 and Prosafe Wnap210 Firmware: The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php. | 6.8 |
2011-04-10 | CVE-2011-1673 | Cryptographic Issues vulnerability in Netgear Prosafe Wnap210 and Prosafe Wnap210 Firmware: BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file. | 5.0 |
2009-11-12 | CVE-2009-0052 | Remote Denial of Service vulnerability in NETGEAR WNDAP330 Management Frame: The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame. | 5.5 |
2009-06-30 | CVE-2009-2258 | Path Traversal vulnerability in Netgear Dg632 and Dg632 Firmware: Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. | 7.8 |
2009-06-30 | CVE-2009-2257 | Improper Authentication vulnerability in Netgear Dg632 3.4.0Ap: The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. | 7.8 |
2009-06-30 | CVE-2009-2256 | Improper Input Validation vulnerability in Netgear Dg632 3.4.0Ap: The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. | 7.8 |
2009-02-22 | CVE-2009-0680 | Path Traversal vulnerability in Netgear Ssl312: cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. | 7.8 |