Vulnerabilities > Netgear
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-30 | CVE-2009-2258 | Path Traversal vulnerability in Netgear Dg632 and Dg632 Firmware Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. | 7.8 |
2009-06-30 | CVE-2009-2257 | Improper Authentication vulnerability in Netgear Dg632 3.4.0Ap The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. | 7.8 |
2009-06-30 | CVE-2009-2256 | Improper Input Validation vulnerability in Netgear Dg632 3.4.0Ap The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. | 7.8 |
2009-02-22 | CVE-2009-0680 | Path Traversal vulnerability in Netgear Ssl312 cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service (device crash) via a crafted query string, as demonstrated using directory traversal sequences. | 7.8 |
2009-02-11 | CVE-2008-6122 | Improper Input Validation vulnerability in Netgear Wgr614 V8/V9 The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). | 7.8 |
2008-09-05 | CVE-2008-1197 | Improper Input Validation vulnerability in multiple products The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID." | 6.3 |
2008-09-05 | CVE-2008-1144 | Improper Input Validation vulnerability in multiple products The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length." | 6.3 |
2007-10-18 | CVE-2007-5562 | Cross-Site Scripting vulnerability in Netgear Ssl312 Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page. | 4.3 |
2007-08-15 | CVE-2007-4361 | Remote SSH Backdoor vulnerability in Netgear Readynas Raidiator 3.01C1P1/3.01C1P6 NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. | 10.0 |
2006-11-27 | CVE-2006-6125 | Buffer Errors vulnerability in Netgear Wg311V1 2.3.1.10 Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID. | 7.5 |