Vulnerabilities > Netgear > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-11772 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2020-04-15 | CVE-2020-11771 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2020-04-15 | CVE-2020-11769 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by stored XSS. | 4.8 |
| 2020-04-15 | CVE-2020-11768 | Cross-site Scripting vulnerability in Netgear products Certain NETGEAR devices are affected by Stored XSS. | 4.8 |
| 2020-03-02 | CVE-2019-20486 | Cross-site Scripting vulnerability in Netgear Wnr1000 Firmware 1.1.0.54 An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. | 6.1 |
| 2020-02-24 | CVE-2019-12513 | Cross-site Scripting vulnerability in Netgear Nighthawk X10-R9000 Firmware In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. | 6.1 |
| 2020-02-24 | CVE-2019-12512 | Cross-site Scripting vulnerability in Netgear Nighthawk X10-R9000 Firmware In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. | 6.1 |
| 2020-02-06 | CVE-2012-6341 | Information Exposure vulnerability in Netgear Wgr614V7 Firmware and Wgr614V9 Firmware An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. | 6.5 |
| 2020-02-06 | CVE-2012-6340 | Improper Authentication vulnerability in Netgear Wgr614V7 Firmware and Wgr614V9 Firmware An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. | 4.6 |
| 2019-11-13 | CVE-2013-3516 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens. | 6.5 |