Vulnerabilities > Netgear > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-26 | CVE-2017-6862 | Classic Buffer Overflow vulnerability in Netgear products NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. | 9.8 |
| 2017-04-21 | CVE-2016-1557 | Information Exposure vulnerability in Netgear products Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP. | 9.8 |
| 2017-04-21 | CVE-2016-1555 | Command Injection vulnerability in Netgear products (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | 9.8 |
| 2017-02-22 | CVE-2017-6077 | OS Command Injection vulnerability in Netgear Dgn2200 Firmware ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. | 9.8 |
| 2017-01-30 | CVE-2016-10176 | Improper Input Validation vulnerability in Netgear Wnr2000V5 Firmware 1.0.0.34 The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. | 9.8 |
| 2017-01-30 | CVE-2016-10175 | Information Exposure vulnerability in Netgear Wnr2000V5 Firmware 1.0.0.34 The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. | 9.8 |
| 2017-01-30 | CVE-2016-10174 | Classic Buffer Overflow vulnerability in Netgear products The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. | 9.8 |
| 2017-01-04 | CVE-2016-10115 | Use of Hard-coded Credentials vulnerability in Netgear products NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration. | 9.8 |
| 2016-08-31 | CVE-2016-5675 | Improper Input Validation vulnerability in multiple products handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter. | 9.8 |
| 2016-08-31 | CVE-2016-5674 | Improper Input Validation vulnerability in multiple products __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. | 9.8 |