Vulnerabilities > Netgear > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-06-17 CVE-2019-5016 Information Exposure vulnerability in multiple products
An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products.
network
low complexity
netgear kcodes CWE-200
critical
9.1
2019-06-11 CVE-2017-18378 Command Injection vulnerability in Netgear Readynas Surveillance Firmware
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
network
low complexity
netgear CWE-77
critical
9.8
2018-07-24 CVE-2016-5649 Information Exposure vulnerability in Netgear Dgn2200 Firmware and Dgnd3700 Firmware
A vulnerability is in the 'BSW_cxttongr.htm' page of the Netgear DGN2200, version DGN2200-V1.0.0.50_7.0.50, and DGND3700, version DGND3700-V1.0.0.17_1.0.17, which can allow a remote attacker to access this page without any authentication.
network
low complexity
netgear CWE-200
critical
9.8
2017-05-26 CVE-2017-6862 Classic Buffer Overflow vulnerability in Netgear products
NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp.
network
low complexity
netgear CWE-120
critical
9.8
2017-04-21 CVE-2016-1557 Information Exposure vulnerability in Netgear products
Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless passwords and administrative usernames and passwords over SNMP.
network
low complexity
netgear CWE-200
critical
9.8
2017-04-21 CVE-2016-1555 Command Injection vulnerability in Netgear products
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
network
low complexity
netgear CWE-77
critical
9.8
2017-02-22 CVE-2017-6077 OS Command Injection vulnerability in Netgear Dgn2200 Firmware
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
network
low complexity
netgear CWE-78
critical
9.8
2017-01-30 CVE-2016-10176 Improper Input Validation vulnerability in Netgear Wnr2000V5 Firmware 1.0.0.34
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device.
network
low complexity
netgear CWE-20
critical
9.8
2017-01-30 CVE-2016-10175 Information Exposure vulnerability in Netgear Wnr2000V5 Firmware 1.0.0.34
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI.
network
low complexity
netgear CWE-200
critical
9.8
2017-01-30 CVE-2016-10174 Classic Buffer Overflow vulnerability in Netgear products
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html.
network
low complexity
netgear CWE-120
critical
9.8