Vulnerabilities > Netgear > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-11 | CVE-2019-5055 | NULL Pointer Dereference vulnerability in Netgear Wnr2000 Firmware 1.0.0.70: An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. [network, low complexity, netgear, CWE-476] | 7.5 |
| 2019-09-11 | CVE-2019-5054 | NULL Pointer Dereference vulnerability in Netgear Wnr2000 Firmware 1.0.0.70: An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. [network, low complexity, netgear, CWE-476] | 7.5 |
| 2019-08-14 | CVE-2019-14526 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Mr1100 Firmware 12.05.05.00: An issue was discovered on NETGEAR Nighthawk M1 (MR1100) devices before 12.06.03. [network, low complexity, netgear, CWE-352] | 8.1 |
| 2019-06-03 | CVE-2019-12591 | Command Injection vulnerability in Netgear Insight: NETGEAR Insight Cloud with firmware before Insight 5.6 allows remote authenticated users to achieve command injection. [network, low complexity, netgear, CWE-77] | 7.6 |
| 2018-07-24 | CVE-2016-5638 | Information Exposure vulnerability in Netgear Wndr4500 Firmware 1.0.1.40_1.0.6877: There are a few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. [network, low complexity, netgear, CWE-200] | 7.5 |
| 2017-04-21 | CVE-2016-1556 | Information Exposure vulnerability in Netgear products: Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages. [network, low complexity, netgear, CWE-200] | 7.5 |
| 2017-03-15 | CVE-2017-6366 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Dgn2200 Firmware: Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. [network, low complexity, netgear, CWE-352] | 8.8 |
| 2017-03-06 | CVE-2017-6334 | OS Command Injection vulnerability in Netgear Dgn2200 Series Firmware 10.0.0.50: dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. [network, low complexity, netgear, CWE-78] | 8.8 |
| 2017-01-17 | CVE-2017-5521 | Unspecified vulnerability in Netgear products: An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. [network, high complexity, netgear] | 8.1 |
| 2017-01-04 | CVE-2016-10116 | Permissions, Privileges, and Access Controls vulnerability in Netgear products: NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack. [network, high complexity, netgear, CWE-264] | 8.1 |