Vulnerabilities > Netgear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-26 | CVE-2017-6862 | Classic Buffer Overflow vulnerability in Netgear products NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. | 9.8 |
| 2017-04-28 | CVE-2017-2137 | Unspecified vulnerability in Netgear Prosafe Plus Configuration Utility 2.3.28 ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests. | 3.7 |
| 2017-04-21 | CVE-2016-1557 | Information Exposure vulnerability in Netgear products Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | 9.8 |
| 2017-04-21 | CVE-2016-1556 | Information Exposure vulnerability in Netgear products Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. | 7.5 |
| 2017-04-21 | CVE-2016-1555 | Command Injection vulnerability in Netgear products (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | 9.8 |
| 2017-03-15 | CVE-2017-6366 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Dgn2200 Firmware Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. | 8.8 |
| 2017-03-06 | CVE-2017-6334 | OS Command Injection vulnerability in Netgear Dgn2200 Series Firmware 10.0.0.50 dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. | 8.8 |
| 2017-02-22 | CVE-2017-6077 | OS Command Injection vulnerability in Netgear Dgn2200 Firmware ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. | 9.8 |
| 2017-01-30 | CVE-2016-10176 | Improper Input Validation vulnerability in Netgear Wnr2000V5 Firmware 1.0.0.34 The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. | 9.8 |
| 2017-01-30 | CVE-2016-10175 | Information Exposure vulnerability in Netgear Wnr2000V5 Firmware 1.0.0.34 The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. | 9.8 |