Vulnerabilities > Netgear > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-20 | CVE-2022-46424 | Unspecified vulnerability in Netgear Xwn5001 Firmware 0.4.1.1 An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. | 8.1 |
| 2022-12-16 | CVE-2022-47208 | OS Command Injection vulnerability in Netgear products The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. | 8.8 |
| 2022-12-16 | CVE-2022-47209 | Improper Authentication vulnerability in Netgear Rax30 Firmware A support user exists on the device and appears to be a backdoor for Technical Support staff. | 8.8 |
| 2022-12-16 | CVE-2022-47210 | OS Command Injection vulnerability in Netgear Rax30 Firmware The default console presented to users over telnet (when enabled) is restricted to a subset of commands. | 7.8 |
| 2022-10-17 | CVE-2022-42221 | Unspecified vulnerability in Netgear R6220 Firmware 1.1.0.1141.0.1 Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. | 8.8 |
| 2022-09-22 | CVE-2022-37234 | Out-of-bounds Write vulnerability in Netgear R7000 Firmware 1.0.11.13410.2.119 Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. | 7.8 |
| 2022-09-20 | CVE-2022-38955 | Improper Validation of Integrity Check Value vulnerability in Netgear Wpn824Ext Firmware 1.1.11.1.9 An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. | 7.5 |
| 2022-09-08 | CVE-2022-30079 | OS Command Injection vulnerability in Netgear R6200 R6200V2V1.0.3.12 Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. | 8.8 |
| 2022-09-07 | CVE-2022-30078 | OS Command Injection vulnerability in Netgear R6200 Firmware and R6300 Firmware NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters. | 8.8 |
| 2022-03-26 | CVE-2022-27945 | OS Command Injection vulnerability in Netgear R8500 Firmware 1.0.2.158 NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi. | 8.8 |