Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-6077

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Feb, 2017 | 23:00
Updated At-21 Oct, 2025 | 23:55
Rejected At-
Credits

NETGEAR DGN2200 Remote Code Execution Vulnerability

NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Known Exploited Vulnerabilities (KEV)
cisa.gov
Vendor:
NETGEAR, Inc.NETGEAR
Product:Wireless Router DGN2200
Added At:07 Mar, 2022
Due At:07 Sep, 2022

NETGEAR DGN2200 Remote Code Execution Vulnerability

NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

Used in Ransomware

:

Unknown

CWE

:
CWE-78

Required Action:

Apply updates per vendor instructions.

Additional Notes:

https://nvd.nist.gov/vuln/detail/CVE-2017-6077
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Feb, 2017 | 23:00
Updated At:21 Oct, 2025 | 23:55
Rejected At:
â–¼CVE Numbering Authority (CNA)

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/96408
vdb-entry
x_refsource_BID
https://www.exploit-db.com/exploits/41394/
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/bid/96408
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.exploit-db.com/exploits/41394/
Resource:
exploit
x_refsource_EXPLOIT-DB
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/96408
vdb-entry
x_refsource_BID
x_transferred
https://www.exploit-db.com/exploits/41394/
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/96408
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/41394/
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2022-03-07
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6077
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2017-6077 added to CISA KEV2022-03-07 00:00:00
Event: CVE-2017-6077 added to CISA KEV
Date: 2022-03-07 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6077
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6077
Resource:
government-resource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Feb, 2017 | 23:59
Updated At:21 Apr, 2026 | 18:00

ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2022-03-072022-09-07NETGEAR DGN2200 Remote Code Execution VulnerabilityApply updates per vendor instructions.
Date Added: 2022-03-07
Due Date: 2022-09-07
Vulnerability Name: NETGEAR DGN2200 Remote Code Execution Vulnerability
Required Action: Apply updates per vendor instructions.
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
NETGEAR, Inc.
netgear
>>dgn2200_firmware>>Versions up to 10.0.0.50(inclusive)
cpe:2.3:o:netgear:dgn2200_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>dgn2200>>-
cpe:2.3:h:netgear:dgn2200:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-78Primarynvd@nist.gov
CWE-78Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-78
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-78
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/96408cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41394/cve@mitre.org
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/96408af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/41394/af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6077134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/96408
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/41394/
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/96408
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://www.exploit-db.com/exploits/41394/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-6077
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

1929Records found
CVE-2019-14363
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.30% / 79.86%
||
7 Day CHG~0.00%
Published-28 Jul, 2019 | 17:33
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow in the upnpd binary running on NETGEAR WNDR3400v3 routers with firmware version 1.0.1.18_1.0.63 allows an attacker to remotely execute arbitrary code via a crafted UPnP SSDP packet.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr3400v3_firmwarewndr3400v3n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-13394
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.16%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 17:26
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cg3700bcg3700b_firmwaren/a
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-37235
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 75.05%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 00:06
Updated-27 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000r7000_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45621
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.53% / 81.44%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:34
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80r6300v2_firmwarerax15lax20r6400_firmwarer6300v2r7100lgex3700rax50r6900p_firmwareex7500_firmwarer7100lg_firmwarerax45r8300r8500_firmwarers400r7960prax40v2_firmwarer7000_firmwareeax80_firmwarer6700v3rax20r6700v3_firmwareex6130r7900prax20_firmwareeax20_firmwaremr60rax35v2rax43_firmwarerax40v2cbr750rbs850_firmwarer6400v2rbr850rax43rax80_firmwarer7000cbr750_firmwarecbr40rbk752_firmwareex3800r7900_firmwareex3700_firmwareex7000_firmwareex6120rbk852r7900p_firmwarems60lax20_firmwarer8000_firmwarexr1000_firmwarerax80xr1000ex7500rs400_firmwarer8000rax75ex7000r6900pex3800_firmwarer7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarer8500ex6130_firmwarerbs750_firmwarer7850_firmwaremr60_firmwarer8300_firmwarexr300rbr750_firmwareeax20r7000pr6400v2_firmwarexr300_firmwarerax35v2_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarerbk852_firmwarerax45_firmwarer6400ex6120_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45504
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.40% / 60.46%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 01:02
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40rbs850rbr852_firmwarecbr40_firmwarecbr750rbs850_firmwarerbr850rbr852cbr750_firmwarerbr850_firmwaren/a
CVE-2021-45610
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.29% / 52.74%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:36
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250 before 1.0.4.48, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R7960P before 1.4.1.64, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, R6400v2 before 1.0.4.106, R7000P before 1.3.2.132, R8000P before 1.4.1.64, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, R6700v3 before 1.0.4.106, R6900P before 1.3.2.132, R7900P before 1.4.1.64, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-eax80rax80rax15rs400_firmwarer8000rax75r6900pr7100lgr7900r8000prax50r6900p_firmwared6220r7100lg_firmwared7000v2r7960prax45dgn2200v4_firmwarer7000_firmwarers400r8000p_firmwareeax80_firmwarer6700v3d6400_firmwarerax200r6700v3_firmwarerax20d6220_firmwared8500_firmwarer6250_firmwarer7900prax20_firmwarer7000p_firmwarerax200_firmwaredc112ad8500d7000v2_firmwarer6400v2xr300r7000rax80_firmwared6400r7000pdgn2200v4r6400v2_firmwarexr300_firmwarer7900_firmwarer7960p_firmwarerax15_firmwaredc112a_firmwarerax75_firmwarerax50_firmwarerax45_firmwarer7900p_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-1555
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-94.33% / 99.95%
||
7 Day CHG~0.00%
Published-21 Apr, 2017 | 15:00
Updated-22 Apr, 2026 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndap210v2_firmwarewndap350_firmwarewndap660_firmwarewndap360wnap320_firmwarewn604wn802tv2_firmwarewndap350wn802tv2wndap210v2wnap320wndap360_firmwarewndap660wn604_firmwaren/aWireless Access Point (WAP) Devices
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45645
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.2||HIGH
EPSS-0.27% / 50.17%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:30
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK30 before 3.2.33.108, SXR30 before 3.2.33.108, SXS30 before 3.2.33.108, and SRC60 before 2.7.0.122.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs50y_firmwaresrr60srk60sxs30rbs50ysrr60_firmwaresxr30_firmwaresrk60_firmwaresxk30srs60_firmwaresxk30_firmwaresrc60sxr30srs60src60_firmwaresxs30_firmwaren/a
CVE-2022-37232
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 75.05%
||
7 Day CHG~0.00%
Published-23 Sep, 2022 | 00:10
Updated-27 May, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2000v4wnr2000v4_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45617
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.53% / 81.44%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:35
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80rax15r6400_firmwarerax50r6900p_firmwareex7500_firmwarer7960prax45rs400r7000_firmwareeax80_firmwarer6700v3rax20r6700v3_firmwarerax20_firmwarer7900peax20_firmwaremr60r6400v2rbs850_firmwarerbr850r7000rax80_firmwarecbr40rbk752_firmwarer7900_firmwarerbk852r7900p_firmwarems60r8000_firmwareex7500rax80rs400_firmwarer8000rax75mk62r6900pr7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarerax200r7000p_firmwarerax200_firmwarerbs750_firmwaremk62_firmwaremr60_firmwarexr300rbr750_firmwareeax20r7000pr6400v2_firmwarexr300_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarer6400rax45_firmwarerbk852_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45612
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.60% / 69.60%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:36
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80rax15lax20rax50r6900p_firmwareex7500_firmwarerax45r7960prs400r7000_firmwarerax40v2_firmwareeax80_firmwarer6700v3rax20r6700v3_firmwarer7900prax20_firmwareeax20_firmwaremr60rax35v2rax43_firmwarerax40v2cbr750r6400v2rbs850_firmwarerbr850r7000rax43rax80_firmwarecbr750_firmwarecbr40rbk752_firmwarer7900_firmwarerbk852r7900p_firmwarems60lax20_firmwarer8000_firmwarexr1000_firmwarerax80ex7500xr1000rs400_firmwarer8000rax75mk62r6900pr7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarerbs750_firmwaremk62_firmwarer7850_firmwaremr60_firmwarexr300rbr750_firmwareeax20r7000pr6400v2_firmwarexr300_firmwarerax35v2_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarerbk852_firmwarerax45_firmwarerbr850_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45638
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.36% / 58.21%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:31
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before 1.0.3.60, DC112A before 1.0.0.56, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R7000 before 1.0.11.116, R7100LG before 1.0.0.70, RBS40V before 2.6.2.8, RBW30 before 2.6.2.2, RS400 before 1.5.1.80, R7000P before 1.3.2.132, and R6900P before 1.3.2.132.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40v_firmwarerbs40vdc112ar6300v2_firmwarerbw30_firmwared8500rs400_firmwared7000v2_firmwarer6400_firmwarer6900pr6300v2r7100lgr7000rbw30d6400r7000pr6900p_firmwared6220r7100lg_firmwared7000v2rs400r7000_firmwared6400_firmwaredc112a_firmwared6220_firmwarer6400d8500_firmwarer7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45618
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.53% / 81.44%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:35
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbk12ex6150v2_firmwarer8900_firmwarerbr40_firmwareex6410ex6420_firmwareex7300v2_firmwarewnr2000v5_firmwareex6250_firmwarexr500_firmwarexr700_firmwarexr450_firmwareex7300rbk12_firmwarerbs40rbs50y_firmwarer8900r9000_firmwarerbs40_firmwarerbr10rbs10_firmwareex6410_firmwarerbs20rbs50_firmwarerbs50yr9000ex6200v2_firmwareex6400v2ex6100v2ex7700_firmwarer7800rax120_firmwarerbs10wnr2000v5r7800_firmwareex6100v2_firmwarerbk20_firmwareex6400xr700xr450ex6200v2rbk20ex6400_firmwareex7300_firmwarerbs20_firmwared7800ex6150v2ex8000rbk40ex7320_firmwarerbr20rbk40_firmwarerax120xr500ex6400v2_firmwareex6420ex7300v2d7800_firmwareex8000_firmwareex6250rbr10_firmwarerbr40rbs50rbr50_firmwarerbr50ex7700lbr20rbr20_firmwareex7320rbk50lbr20_firmwarerbk50_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-45509
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.30% / 53.73%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 01:01
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40rbs850rbk752_firmwarecbr40_firmwarerbk752rbs750_firmwarerbr750rbs750rbs850_firmwarerbr850rbk852_firmwarerbr750_firmwarerbk852rbr850_firmwaren/a
CVE-2021-45498
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.43%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 01:03
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700v2_firmwarer6700v2n/a
CVE-2023-1327
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.50% / 81.26%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax30_firmwarerax30Netgear RAX30 (AX2400)
CWE ID-CWE-287
Improper Authentication
CVE-2023-0849
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-4.7||MEDIUM
EPSS-0.77% / 73.69%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 21:43
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear WNDR3700v2 Web Interface command injection

A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-wndr3700_firmwarewndr3700WNDR3700v2
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2022-48322
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 67.85%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stack-based buffer overflow vulnerability. This affects MR60 before 1.1.7.132, MS60 before 1.1.7.132, R6900P before 1.3.3.154, R7000P before 1.3.3.154, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6900pms60r8000pmr60ms60_firmwarer7000pr8000p_firmwarer7000p_firmwarer6900p_firmwarer7960p_firmwarer7960pmr60_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-29044
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.85% / 86.36%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 00:00
Updated-21 Apr, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6100_firmwarer6100n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-44198
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 71.08%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_push1.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44199
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 71.08%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter openvpn_server_ip.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44190
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 71.08%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44188
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 71.08%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter enable_band_steering.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44187
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 71.08%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44194
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.02% / 77.39%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-44200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 71.08%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 04:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000pr7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45609
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.34% / 56.88%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:37
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6250 before 1.0.4.48, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7900 before 1.0.4.38, R8300 before 1.0.2.144, R8500 before 1.0.2.144, XR300 before 1.0.3.68, R7000P before 1.3.2.132, and R6900P before 1.3.2.132.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500d8500r8300_firmwarexr300r7000r6900pr7100lgr7900r7000pr6900p_firmwarer6250r8300r8500_firmwarer7100lg_firmwarexr300_firmwarer7900_firmwarer7000_firmwared8500_firmwarer6250_firmwarer7000p_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-40866
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.43% / 80.78%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 07:16
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs710tup_firmwaregc108p_firmwaregs308tgs310tp_firmwaregs108tv3gs724tpgs110tupgs110tppgs716tppms510txup_firmwaregs752tppms510txupgs728tp_firmwaregs716tp_firmwarems510txm_firmwaregs728tpp_firmwarems510txmgs728tpgs110tpp_firmwaregs752tp_firmwaregc108pgs110tpgs716tpp_firmwaregs752tpgs710tupgc108ppgs308t_firmwaregs724tpp_firmwaregs110tup_firmwaregs724tppgs728tppgc108pp_firmwaregs752tpp_firmwaregs750egs110tp_firmwaregs750e_firmwaregs108t_firmwaregs716tpgs310tpgs724tp_firmwaren/a
CVE-2021-38528
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-3.69% / 88.02%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6900P before 1.3.2.132, R7000P before 1.3.2.132, R7100LG before 1.0.0.64, WNDR3400v3 before 1.0.1.38, and XR300 before 1.0.3.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-xr300_firmwarer7100lg_firmwared8500wndr3400_firmwarer6900p_firmwarexr300r6900pwndr3400r7100lgd8500_firmwarer7000pr7000p_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-38529
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.3||HIGH
EPSS-1.87% / 83.23%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, and R9000 before 1.0.4.26.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800d7800_firmwarer8900r9000_firmwarer8900_firmwarer7800_firmwared7800r9000n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-38516
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-0.55% / 68.07%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:03
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6120r8900_firmwarer6220_firmwareac2600rbr40_firmwarer6080_firmwareac2400r6400_firmwarer7100lgr6900p_firmwared6220r7500_firmwarer7100lg_firmwarer7960pr6260_firmwarer7000_firmwarer6220r6020ac2400_firmwarer7350_firmwarexr500_firmwared6220_firmwared8500_firmwarer7900pxr450_firmwarer6020_firmwarer7200rbs40d7000r8900rbs40_firmwarer9000_firmwared8500r6080r6230r6700rbs850_firmwarerbr850r6230_firmwarer7000rbs50_firmwarerbs20ac2100_firmwarewnr3500l_firmwared6400r7500r9000r6900_firmwarerbk752_firmwarer7400r7800rax120_firmwarer7900_firmwarer6850r6350r7800_firmwarerbk852r6700_firmwarer7900p_firmwarerbk20_firmwarexr450r6800_firmwarer8000_firmwarer6250rbk20r6850_firmwarer7450_firmwarer8000rbs20_firmwarer6900pd7800r7900r8000pr6120_firmwarer7200_firmwarerbk40rbr20r6800rbs850dgn2200r6260rbr750r8000p_firmwared6400_firmwarerbk40_firmwarer7400_firmwarer6250_firmwarerax120xr500r7000p_firmwarer6350_firmwared7800_firmwaredc112arbs750_firmwared7000_firmwarerbr750_firmwarerbr40rbs50r6900r7000prbr50_firmwarewnr3500ldgn2200_firmwarerbr50ac2100r7450rbk752rbs750r7960p_firmwarerbr20_firmwaredc112a_firmwarerbk50rbk852_firmwarer6400rbk50_firmwarer7350ac2600_firmwarerbr850_firmwaren/a
CVE-2016-11014
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.44% / 63.47%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 00:26
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarejnr1010n/a
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2021-38530
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-1.66% / 82.20%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40rbs50y_firmwarerbs40_firmwarerbk20rbr40_firmwarerbs20_firmwarerbs50_firmwarerbs20rbr40rbs50rbs50yrbr50_firmwarerbk40rbr20rbr50rbr20_firmwarerbk50rbk40_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-38513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.32% / 54.77%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:03
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RBK752 before 3.2.10.10, RBR750 before 3.2.10.10, and RBS750 before 3.2.10.10.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-eax20_firmwarecbr40_firmwarerbs750_firmwaremk62_firmwaremr60mr60_firmwarerbs850_firmwarerbr850mk62rbr750_firmwareeax20cbr40rbs850rbk752_firmwarems60_firmwarerbk752rbr750rbs750rbk852rbk852_firmwarems60rbr850_firmwaren/a
CVE-2021-35973
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.93% / 83.54%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 14:41
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currentsetting.htm substring to the HTTP query, a related issue to CVE-2020-27866. This directly allows the attacker to change the web UI password, and eventually to enable debug mode (telnetd) and gain a shell on the device as the admin limited-user account (however, escalation to root is simple because of weak permissions on the /etc/ directory).

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac104_firmwarewac104n/a
CWE ID-CWE-697
Incorrect Comparison
CVE-2016-10174
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-91.07% / 99.65%
||
7 Day CHG~0.00%
Published-30 Jan, 2017 | 04:24
Updated-21 Apr, 2026 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2000v5r2000wnr2000v3_firmwarewnr2000v4jwnr2010v5jnr1010v2wnr2000v3wnr2000v5_firmwarewnr618r6220_firmwarer7500_firmwarer6100_firmwarejnr1010v2_firmwarewndr4300wndr4700_firmwarewndr4700wnr2020_firmwarewnr614_firmwared7000d6100_firmwarejwnr2010v5_firmwarewndr4300v2wnr1000v4_firmwarewnr2020r6100wnr1000v4wndr4500v3wnr2050jnr3300_firmwared7800_firmwarewnr2000v4_firmwarewndr3700v4_firmwared7000_firmwarer6220wnr1000v2_firmwarewnr2200wndr4500v3_firmwarejnr3300wnr2050_firmwarewndr3800wndr4300_firmwarer2000_firmwarewndr3800_firmwarewnr614wnr618_firmwared6100wnr2500_firmwarewndr4300v2_firmwarewnr1000v2r7500v2_firmwarer7500v2d7800wndr3700v4wnr2500wnr2200_firmwarer7500n/aWNR2000v5 Router
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2016-10115
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.24% / 90.98%
||
7 Day CHG~0.00%
Published-04 Jan, 2017 | 08:10
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-vms3xx0vmc3040sarlo_base_station_firmwarearlo_q_plus_camera_firmwarevmk3xx0vmc3040vmb30x0arlo_q_camera_firmwaren/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2021-34236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.96% / 83.65%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 23:58
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to '/bd_genie_create_account.cgi' with a sufficiently long parameter 'register_country'.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r8000_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-32122
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 38.49%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 23:58
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex3800ex6130_firmwareex3700_firmwareex6120ex3800_firmwareex6130ex6120_firmwareex3700n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-27274
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-9.8||CRITICAL
EPSS-51.30% / 97.91%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 20:55
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-prosafe_network_management_systemProSAFE Network Management System
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-30280
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.46% / 89.17%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 00:00
Updated-03 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6900_firmwarer6900r6700_firmwarer6700n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-15636
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-8.1||HIGH
EPSS-19.80% / 95.50%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 20:55
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9852.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700Multiple Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2018-21132
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.57% / 68.72%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 19:41
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2018-21137
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.61%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:05
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d3600d3600_firmwared6000_firmwared6000n/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2018-21161
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.31% / 54.01%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:14
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.46, and R9000 before 1.0.3.16.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer7800r9000_firmwarer7800_firmwared7800r9000n/a
CVE-2018-21153
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.59% / 69.38%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:10
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rpex6400_firmwareex7300_firmwarer8900_firmwared7800r6100_firmwareex6200dm200_firmwarewn3100rp_firmwareex8000wndr4300_firmwarer7500_firmwarewn3100rpwndr4500r6100ex7300ex6100wn3000rp_firmwared7800_firmwaredm200ex8000_firmwarer8900r9000_firmwarewndr4500_firmwarewnr2000_firmwareex2700ex6200_firmwareex6150r7500r9000wn2000rptr7800ex2700_firmwareex6100_firmwarewndr4300r7800_firmwareex6400wnr2000ex6150_firmwaren/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-21134
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.53% / 67.25%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 20:00
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6700 before 1.0.1.48, R7900 before 1.0.2.16, R6900 before 1.0.1.48, R7000P before 1.3.1.44, R6900P before 1.3.1.44, R6250 before 1.0.4.30, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.60, R7000 before 1.0.9.34, R7100LG before 1.0.0.48, R7300 before 1.0.0.68, R8000 before 1.0.4.18, R8000P before 1.4.1.24, R7900P before 1.4.1.24, R8500 before 1.0.2.122, R8300 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, EX3700 before 1.0.0.72, EX3800 before 1.0.0.72, EX6000 before 1.0.0.32, EX6100 before 1.0.2.24, EX6120 before 1.0.0.42, EX6130 before 1.0.0.24, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, D7000v2 before 1.0.0.51, D6220 before 1.0.0.46, D6400 before 1.0.0.82, and D8500 before 1.0.3.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7300r7300_firmwarer8000r6400_firmwarer6900pex3800_firmwarer7100lgr7900ex6200r8000pex7000ex3700r6900p_firmwared6220r8500_firmwarer7100lg_firmwarer8300r7000_firmwarer8000p_firmwared6400_firmwarewn2500rpwn2500rp_firmwared6220_firmwarer6300_firmwarer7900pr6250_firmwareex6130d8500_firmwareex6000_firmwarer7000p_firmwareex6100r8500d7000ex6130_firmwared8500d7000_firmwarer6700r8300_firmwarer7000ex6200_firmwarer6900r7000pex6150d6400r6900_firmwareex3800r7900_firmwareex6100_firmwareex3700_firmwareex6000r6300ex6120ex7000_firmwarer6400r6700_firmwarer7900p_firmwareex6120_firmwareex6150_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21097
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.39% / 59.80%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 15:57
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WAC120 before 2.1.7, WN604 before 3.3.10, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11.4, WNDAP360 before 3.7.11.4, WNDAP660 before 3.7.11.4, WNDAP620 before 2.1.7, and WND930 before 2.1.5.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnd930_firmwarewnap320_firmwarewndap360wnap320wnd930wndap660_firmwarewndap620_firmwarewndap360_firmwarewac505_firmwarewndap350_firmwarewn604_firmwarewac120wn604wac120_firmwarewac505wac510wac510_firmwarewnap210wndap620wndap660wndap350wnap210_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21133
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 68.29%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 19:42
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-18471
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-15.52% / 94.73%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 15:48
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device.

Action-Not Available
Vendor-seagateaxentramedionn/aNETGEAR, Inc.
Product-storagoflex_homehipservlifecloudn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 38
  • 39
  • Next
Details not found