Vulnerabilities > Netgear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-13 | CVE-2019-13393 | Insecure Default Initialization of Resource vulnerability in Netgear Cg3700B Firmware 2.02.03 The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. | 5.0 |
| 2020-03-02 | CVE-2019-20489 | Improper Authentication vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 5.0 |
| 2020-03-02 | CVE-2019-20488 | OS Command Injection vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 7.5 |
| 2020-03-02 | CVE-2019-20487 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 6.8 |
| 2020-03-02 | CVE-2019-20486 | Cross-site Scripting vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 4.3 |
| 2020-02-24 | CVE-2019-12513 | Cross-site Scripting vulnerability in Netgear Nighthawk X10-R9000 Firmware In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. | 4.3 |
| 2020-02-24 | CVE-2019-12512 | Cross-site Scripting vulnerability in Netgear Nighthawk X10-R9000 Firmware In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. | 4.3 |
| 2020-02-24 | CVE-2019-12511 | OS Command Injection vulnerability in Netgear Nighthawk X10-R9000 Firmware 1.0.4.24 In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. | 9.3 |
| 2020-02-24 | CVE-2019-12510 | Insufficient Verification of Data Authenticity vulnerability in Netgear Nighthawk X10-R9000 Firmware 1.0.4.24 In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. | 6.4 |
| 2020-02-13 | CVE-2014-3919 | Cross-site Scripting vulnerability in Netgear Cg3100 Firmware A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | 4.3 |