Vulnerabilities > Netgear > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-11 CVE-2024-35517 Command Injection vulnerability in Netgear Xr1000 Firmware 1.0.0.64
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
network
low complexity
netgear CWE-77
7.2
7.2
2024-10-11 CVE-2024-35522 Command Injection vulnerability in Netgear Ex3700 Firmware
Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.
network
low complexity
netgear CWE-77
7.2
7.2
2024-08-21 CVE-2024-6813 SQL Injection vulnerability in Netgear Prosafe Network Management System 1.7.0.34
NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability.
network
low complexity
netgear CWE-89
8.8
8.8
2024-08-21 CVE-2024-6814 SQL Injection vulnerability in Netgear Prosafe Network Management System 1.7.0.34
NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability.
network
low complexity
netgear CWE-89
8.8
8.8
2024-06-06 CVE-2024-5505 Path Traversal vulnerability in Netgear Prosafe Network Management System
NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability.
network
low complexity
netgear CWE-22
8.8
8.8
2023-11-29 CVE-2023-49694 Unspecified vulnerability in Netgear Prosafe Network Management System
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory.
local
low complexity
netgear
7.8
7.8
2023-08-07 CVE-2023-36499 Classic Buffer Overflow vulnerability in Netgear Xr300 Firmware 1.0.3.78
Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.
network
low complexity
netgear CWE-120
8.8
8.8
2023-08-07 CVE-2023-38412 Classic Buffer Overflow vulnerability in Netgear R6900P Firmware 1.3.3.154
Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.
network
low complexity
netgear CWE-120
8.8
8.8
2023-08-07 CVE-2023-38591 Classic Buffer Overflow vulnerability in Netgear Dg834Gv5 Firmware 1.6.01.34
Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi.
network
low complexity
netgear CWE-120
8.8
8.8
2023-08-07 CVE-2023-38921 Command Injection vulnerability in Netgear Wag302V2 Firmware and Wg302V2 Firmware
Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.
network
low complexity
netgear CWE-77
8.8
8.8