Vulnerabilities > Netgear > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-20 | CVE-2022-46423 | Unspecified vulnerability in Netgear Wnr2000 Firmware An exploitable firmware modification vulnerability was discovered on the Netgear WNR2000v1 router. | 8.1 |
| 2022-12-20 | CVE-2022-46424 | Unspecified vulnerability in Netgear Xwn5001 Firmware 0.4.1.1 An exploitable firmware modification vulnerability was discovered on the Netgear XWN5001 Powerline 500 WiFi Access Point. | 8.1 |
| 2022-12-16 | CVE-2022-47208 | OS Command Injection vulnerability in Netgear products The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. | 8.8 |
| 2022-12-16 | CVE-2022-47209 | Improper Authentication vulnerability in Netgear Rax30 Firmware A support user exists on the device and appears to be a backdoor for Technical Support staff. | 8.8 |
| 2022-12-16 | CVE-2022-47210 | OS Command Injection vulnerability in Netgear Rax30 Firmware The default console presented to users over telnet (when enabled) is restricted to a subset of commands. | 7.8 |
| 2022-10-17 | CVE-2022-42221 | Unspecified vulnerability in Netgear R6220 Firmware 1.1.0.1141.0.1 Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. | 8.8 |
| 2022-09-22 | CVE-2022-37234 | Out-of-bounds Write vulnerability in Netgear R7000 Firmware 1.0.11.13410.2.119 Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. | 7.8 |
| 2022-09-20 | CVE-2022-38955 | Improper Validation of Integrity Check Value vulnerability in Netgear Wpn824Ext Firmware 1.1.11.1.9 An exploitable firmware modification vulnerability was discovered on the Netgear WPN824EXT WiFi Range Extender. | 7.5 |
| 2022-09-08 | CVE-2022-30079 | OS Command Injection vulnerability in Netgear R6200 R6200V2V1.0.3.12 Command injection vulnerability was discovered in Netgear R6200 v2 firmware through R6200v2-V1.0.3.12 via binary /sbin/acos_service that could allow remote authenticated attackers the ability to modify values in the vulnerable parameter. | 8.8 |
| 2022-09-07 | CVE-2022-30078 | OS Command Injection vulnerability in Netgear R6200 Firmware and R6300 Firmware NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters. | 8.8 |