U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): netgear
  • Search Type: Search All
  • CPE Name Search: false
There are 1,253 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-51635

NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.

Published: November 22, 2024; 3:15:06 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2023-51634

NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589.

Published: November 22, 2024; 3:15:06 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52030

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:27 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52029

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:27 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52028

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:27 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52026

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:27 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52025

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:27 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52024

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:27 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52023

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:27 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52022

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

Published: November 05, 2024; 10:15:27 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52021

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

Published: November 05, 2024; 10:15:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52020

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

Published: November 05, 2024; 10:15:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52019

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

Published: November 05, 2024; 10:15:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52018

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.

Published: November 05, 2024; 10:15:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52017

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52016

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52015

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52014

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-52013

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:26 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)
CVE-2024-51022

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

Published: November 05, 2024; 10:15:25 AM -0500
V4.0:(not available)
V3.x:(not available)
V2.0:(not available)