Vulnerabilities > Netgear > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2019-12513 | Cross-site Scripting vulnerability in Netgear Nighthawk X10-R9000 Firmware In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. | 6.1 |
| 2020-02-24 | CVE-2019-12512 | Cross-site Scripting vulnerability in Netgear Nighthawk X10-R9000 Firmware In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt. | 6.1 |
| 2020-02-06 | CVE-2012-6341 | Information Exposure vulnerability in Netgear Wgr614V7 Firmware and Wgr614V9 Firmware An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. | 6.5 |
| 2020-02-06 | CVE-2012-6340 | Improper Authentication vulnerability in Netgear Wgr614V7 Firmware and Wgr614V9 Firmware An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. | 4.6 |
| 2019-11-13 | CVE-2013-3516 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens. | 6.5 |
| 2019-11-13 | CVE-2013-3517 | Cross-site Scripting vulnerability in Netgear Wnr3500L Firmware and Wnr3500U Firmware Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | 5.4 |
| 2019-10-16 | CVE-2016-11016 | Cross-site Scripting vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. | 6.1 |
| 2019-10-16 | CVE-2016-11015 | Cross-Site Request Forgery (CSRF) vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 allow cgi-bin/webproc CSRF via the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL parameter. | 6.5 |
| 2019-08-08 | CVE-2016-10864 | Cross-site Scripting vulnerability in Netgear Ex7000 Firmware NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. | 5.2 |
| 2019-06-17 | CVE-2019-5017 | Information Exposure vulnerability in multiple products An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. | 5.3 |