Vulnerabilities > Netgear > High

DATE | CVE | VULNERABILITY TITLE | RISK

2020-03-02 | CVE-2019-20488 | OS Command Injection vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 | 7.5
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices.
network, low complexity, netgear, CWE-78

2020-02-10 | CVE-2019-17137 | Improper Authentication vulnerability in Netgear Ac1200 R6220 Firmware 1.1.0.86 | 7.5
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR AC1200 R6220 Firmware version 1.1.0.86 Smart WiFi Router.
network, low complexity, netgear, CWE-287

2020-01-28 | CVE-2013-3074 | Resource Exhaustion vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 | 7.8
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).
network, low complexity, netgear, CWE-400

2020-01-28 | CVE-2013-3071 | Improper Authentication vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 | 7.5
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.
network, low complexity, netgear, CWE-287

2019-11-14 | CVE-2013-3072 | Improper Authentication vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 | 7.5
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
network, low complexity, netgear, CWE-287

2019-10-16 | CVE-2016-11014 | Insufficient Session Expiration vulnerability in Netgear Jnr1010 Firmware | 7.5
NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.
network, low complexity, netgear, CWE-613

2019-10-09 | CVE-2019-17373 | Unspecified vulnerability in Netgear products | 7.5
Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL.
network, low complexity, netgear

2019-06-11 | CVE-2017-18378 | Command Injection vulnerability in Netgear Readynas Surveillance Firmware | 7.5
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
network, low complexity, netgear, CWE-77

2017-03-06 | CVE-2017-6334 | OS Command Injection vulnerability in Netgear Dgn2200 Series Firmware 10.0.0.50 | 8.8
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
network, low complexity, netgear, CWE-78

2017-01-30 | CVE-2016-10176 | Improper Input Validation vulnerability in Netgear Wnr2000V5 Firmware | 7.5
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device.
network, low complexity, netgear, CWE-20