Vulnerabilities > Netgear > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-04-15 | CVE-2019-20767 | Out-of-bounds Write vulnerability in Netgear products | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. | 7.2 |
2020-03-23 | CVE-2016-11022 | OS Command Injection vulnerability in Netgear products | NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 devices allow a remote attacker to execute code with root privileges via shell metacharacters in the reqMethod parameter to login_handler.php. | 7.2 |
2020-03-13 | CVE-2019-13395 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Cg3700B Firmware 2.02.03 | The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. | 8.8 |
2020-03-13 | CVE-2019-13393 | Insecure Default Initialization of Resource vulnerability in Netgear Cg3700B Firmware 2.02.03 | The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. | 7.5 |
2020-03-02 | CVE-2019-20487 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 | An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 8.8 |
2020-01-28 | CVE-2013-3074 | Resource Exhaustion vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 | NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash). | 7.5 |
2020-01-09 | CVE-2019-19494 | Classic Buffer Overflow vulnerability in multiple products | Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. | 8.8 |
2019-11-14 | CVE-2013-3070 | Information Exposure vulnerability in Netgear Wndr4700 Firmware 1.0.0.34 | An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN. | 7.5 |
2019-10-09 | CVE-2019-17372 | Improper Authentication vulnerability in Netgear products | Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. | 8.1 |
2019-09-30 | CVE-2019-17049 | SQL Injection vulnerability in Netgear Srx5308 Firmware 4.3.53 | NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. | 7.5 |