Vulnerabilities > Netgear > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-09 | CVE-2019-19494 | Classic Buffer Overflow vulnerability in multiple products Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. | 9.3 |
| 2019-11-14 | CVE-2013-3073 | Path Traversal vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34. | 10.0 |
| 2019-11-13 | CVE-2013-4657 | Path Traversal vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service. | 10.0 |
| 2019-08-14 | CVE-2019-14527 | OS Command Injection vulnerability in Netgear Mr1100 Firmware An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. | 10.0 |
| 2019-07-28 | CVE-2019-14363 | Out-of-bounds Write vulnerability in Netgear Wndr3400V3 Firmware A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet. | 10.0 |
| 2017-05-26 | CVE-2017-6862 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netgear products NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. | 9.8 |
| 2017-04-21 | CVE-2016-1555 | Command Injection vulnerability in Netgear products (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | 10.0 |
| 2017-03-06 | CVE-2017-6334 | OS Command Injection vulnerability in Netgear Dgn2200 Series Firmware dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. | 9.0 |
| 2017-02-22 | CVE-2017-6077 | OS Command Injection vulnerability in Netgear Dgn2200 Firmware ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request. | 10.0 |
| 2017-01-30 | CVE-2016-10174 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Netgear Wnr2000V5 Firmware The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. | 10.0 |