ReportizFlow
Filtered by vendor Netgear
Subscriptions
Total
1326 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6122 | 1 Netgear | 1 Wgr614 | 2025-04-09 | N/A |
| The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). | ||||
| CVE-2006-5972 | 1 Netgear | 2 Wg111v2, Wg111v2 Driver | 2025-04-09 | N/A |
| Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request. | ||||
| CVE-2008-1144 | 2 Marvell, Netgear | 2 88w8361w-bem1, Wn802t | 2025-04-09 | N/A |
| The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse EAPoL-Key packets, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a malformed EAPoL-Key packet with a crafted "advertised length." | ||||
| CVE-2009-2257 | 1 Netgear | 1 Dg632 | 2025-04-09 | N/A |
| The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to bypass authentication via a direct request to (1) gateway/commands/saveconfig.html, and (2) stattbl.htm, (3) modemmenu.htm, (4) onload.htm, (5) form.css, (6) utility.js, and possibly (7) indextop.htm in html/. | ||||
| CVE-2007-4361 | 1 Netgear | 1 Readynas Raidiator | 2025-04-09 | N/A |
| NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access. | ||||
| CVE-2006-6059 | 1 Netgear | 1 Ma521 Driver | 2025-04-09 | N/A |
| Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with an long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow. | ||||
| CVE-2009-2256 | 1 Netgear | 1 Dg632 | 2025-04-09 | N/A |
| The administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to cause a denial of service (web outage) via an HTTP POST request to cgi-bin/firmwarecfg. | ||||
| CVE-2009-2258 | 1 Netgear | 2 Dg632, Dg632 Firmware | 2025-04-09 | N/A |
| Directory traversal vulnerability in cgi-bin/webcm in the administrative web interface on the Netgear DG632 with firmware 3.4.0_ap allows remote attackers to list arbitrary directories via a .. (dot dot) in the nextpage parameter. | ||||
| CVE-2008-1197 | 2 Marvell, Netgear | 2 88w8361w-bem1, Wn802t | 2025-04-09 | N/A |
| The Marvell driver for the Netgear WN802T Wi-Fi access point with firmware 1.3.16 on the Marvell 88W8361P-BEM1 chipset does not properly parse the SSID information element in an association request, which allows remote authenticated users to cause a denial of service (device reboot or hang) or possibly execute arbitrary code via a "Null SSID." | ||||
| CVE-2006-6125 | 1 Netgear | 1 Wg311v1 | 2025-04-09 | N/A |
| Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID. | ||||
| CVE-2009-0052 | 2 Atheros, Netgear | 3 Ar9160-bc1a Chipset, Wndap330, Wndap330 Firmware | 2025-04-09 | N/A |
| The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame. | ||||
| CVE-2007-5562 | 1 Netgear | 1 Ssl312 | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page. | ||||
| CVE-2024-30568 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | 9.8 Critical |
| Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. | ||||
| CVE-2024-30569 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | 7.5 High |
| An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. | ||||
| CVE-2024-30570 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | 5.3 Medium |
| An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. | ||||
| CVE-2024-30571 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | 7.5 High |
| An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required. | ||||
| CVE-2024-30572 | 1 Netgear | 2 R6850, R6850 Firmware | 2025-04-04 | 8 High |
| Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter. | ||||
| CVE-2002-2116 | 1 Netgear | 2 Rm356, Rt338 | 2025-04-03 | N/A |
| Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. | ||||
| CVE-2005-0291 | 1 Netgear | 1 Fvs318 | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. | ||||
| CVE-2004-2032 | 1 Netgear | 1 Rp114 | 2025-04-03 | N/A |
| Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences. | ||||