Vulnerabilities > Netgear > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-15 | CVE-2023-28337 | Unrestricted Upload of File with Dangerous Type vulnerability in Netgear Rax30 Firmware When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. | 8.8 |
| 2023-03-15 | CVE-2023-28338 | Allocation of Resources Without Limits or Throttling vulnerability in Netgear Rax30 Firmware Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. | 7.5 |
| 2023-03-10 | CVE-2023-1205 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Rax30 Firmware NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | 8.8 |
| 2023-03-10 | CVE-2023-27851 | Unspecified vulnerability in Netgear Rax30 Firmware NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. | 8.8 |
| 2023-02-15 | CVE-2023-0848 | Unspecified vulnerability in Netgear Wndr3700 Firmware 1.0.1.14 A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. | 7.5 |
| 2023-02-15 | CVE-2023-0850 | Unspecified vulnerability in Netgear Wndr3700 Firmware 1.0.1.14 A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. | 7.5 |
| 2023-02-15 | CVE-2023-24498 | Insufficiently Protected Credentials vulnerability in Netgear Prosafe Fs726Tp Firmware An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | 7.5 |
| 2023-02-02 | CVE-2023-23110 | Download of Code Without Integrity Check vulnerability in Netgear products An exploitable firmware modification vulnerability was discovered in certain Netgear products. | 7.4 |
| 2023-01-31 | CVE-2022-48176 | Out-of-bounds Write vulnerability in Netgear products Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. | 7.8 |
| 2022-12-20 | CVE-2022-46423 | Unspecified vulnerability in Netgear Wnr2000 Firmware An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. | 8.1 |