Vulnerabilities > Netgear > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2019-20488 | OS Command Injection vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 9.8 |
| 2020-02-24 | CVE-2019-12511 | OS Command Injection vulnerability in Netgear Nighthawk X10-R9000 Firmware 1.0.4.24 In NETGEAR Nighthawk X10-R9000 prior to 1.0.4.26, an attacker may execute arbitrary system commands as root by sending a specially-crafted MAC address to the "NETGEAR Genie" SOAP endpoint at AdvancedQoS:GetCurrentBandwidthByMAC. | 9.8 |
| 2020-02-24 | CVE-2019-12510 | Insufficient Verification of Data Authenticity vulnerability in Netgear Nighthawk X10-R9000 Firmware 1.0.4.24 In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. | 9.1 |
| 2020-02-13 | CVE-2014-3919 | Cross-site Scripting vulnerability in Netgear Cg3100 Firmware A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information. | 9.3 |
| 2020-02-10 | CVE-2019-17137 | Unspecified vulnerability in Netgear Ac1200 R6220 Firmware 1.1.0.86 This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router. | 9.4 |
| 2020-01-29 | CVE-2013-3317 | Improper Authentication vulnerability in Netgear Wnr1000 Firmware Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | 9.8 |
| 2020-01-29 | CVE-2013-3316 | Improper Authentication vulnerability in Netgear Wnr1000 Firmware Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg". | 9.8 |
| 2020-01-28 | CVE-2013-3071 | Improper Authentication vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. | 9.8 |
| 2019-11-14 | CVE-2013-3072 | Improper Authentication vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. | 9.8 |
| 2019-11-14 | CVE-2013-3073 | Path Traversal vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. | 9.8 |