Vulnerabilities > Netgear > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2013-3072 | Improper Authentication vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal. | 9.8 |
| 2019-11-14 | CVE-2013-3073 | Path Traversal vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. | 9.8 |
| 2019-11-13 | CVE-2013-4657 | Path Traversal vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | 9.8 |
| 2019-10-16 | CVE-2016-11014 | Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. | 9.8 |
| 2019-10-09 | CVE-2019-17373 | Unspecified vulnerability in Netgear products Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. | 9.8 |
| 2019-08-14 | CVE-2019-14527 | OS Command Injection vulnerability in Netgear Mr1100 Firmware 12.05.05.00 An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. | 9.8 |
| 2019-07-28 | CVE-2019-14363 | Out-of-bounds Write vulnerability in Netgear Wndr3400V3 Firmware 1.0.1.18/1.0.1.22/1.0.1.24 A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet. | 9.8 |
| 2019-06-17 | CVE-2019-5016 | Information Exposure vulnerability in multiple products An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. | 9.1 |
| 2019-06-11 | CVE-2017-18378 | Command Injection vulnerability in Netgear Readynas Surveillance Firmware In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution. | 9.8 |
| 2018-07-24 | CVE-2016-5649 | Information Exposure vulnerability in Netgear Dgn2200 Firmware and Dgnd3700 Firmware A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication. | 9.8 |