Vulnerabilities > Netgear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-13 | CVE-2022-48322 | Out-of-bounds Write vulnerability in Netgear products NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. | 9.8 |
| 2023-02-02 | CVE-2023-23110 | Download of Code Without Integrity Check vulnerability in Netgear products An exploitable firmware modification vulnerability was discovered in certain Netgear products. | 7.4 |
| 2023-01-31 | CVE-2022-48176 | Out-of-bounds Write vulnerability in Netgear products Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. | 7.8 |
| 2023-01-26 | CVE-2022-47052 | Injection vulnerability in Netgear Ac1200 R6220 Firmware 1.1.0.1121.0.1/1.1.0.1141.0.1 The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. | 6.1 |
| 2022-12-30 | CVE-2022-48196 | Classic Buffer Overflow vulnerability in Netgear products Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. | 9.8 |
| 2022-12-20 | CVE-2022-46422 | Unspecified vulnerability in Netgear Wnr2000 Firmware An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process. | 4.8 |
| 2022-12-20 | CVE-2022-46423 | Unspecified vulnerability in Netgear Wnr2000 Firmware An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. | 8.1 |
| 2022-12-20 | CVE-2022-46424 | Unspecified vulnerability in Netgear Xwn5001 Firmware 0.4.1.1 An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. | 8.1 |
| 2022-12-16 | CVE-2022-47208 | OS Command Injection vulnerability in Netgear products The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. | 8.8 |
| 2022-12-16 | CVE-2022-47209 | Improper Authentication vulnerability in Netgear Rax30 Firmware A support user exists on the device and appears to be a backdoor for Technical Support staff. | 8.8 |