Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-44194

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-22 Nov, 2022 | 00:00
Updated At-29 Apr, 2025 | 04:01
Rejected At-
Credits

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:22 Nov, 2022 | 00:00
Updated At:29 Apr, 2025 | 04:01
Rejected At:
▼CVE Numbering Authority (CNA)

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://netgear.com
N/A
https://www.netgear.com/about/security/
N/A
http://routerlogin.net/WLG_ap_dual_band.htm
N/A
https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/11
N/A
Hyperlink: http://netgear.com
Resource: N/A
Hyperlink: https://www.netgear.com/about/security/
Resource: N/A
Hyperlink: http://routerlogin.net/WLG_ap_dual_band.htm
Resource: N/A
Hyperlink: https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/11
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://netgear.com
x_transferred
https://www.netgear.com/about/security/
x_transferred
http://routerlogin.net/WLG_ap_dual_band.htm
x_transferred
https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/11
x_transferred
Hyperlink: http://netgear.com
Resource:
x_transferred
Hyperlink: https://www.netgear.com/about/security/
Resource:
x_transferred
Hyperlink: http://routerlogin.net/WLG_ap_dual_band.htm
Resource:
x_transferred
Hyperlink: https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/11
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds Write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:22 Nov, 2022 | 14:15
Updated At:29 Apr, 2025 | 04:15

Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameters apmode_dns1_pri and apmode_dns1_sec.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
NETGEAR, Inc.
netgear
>>r7000p_firmware>>1.3.0.8
cpe:2.3:o:netgear:r7000p_firmware:1.3.0.8:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>r7000p>>-
cpe:2.3:h:netgear:r7000p:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-787Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-787
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://netgear.comcve@mitre.org
Vendor Advisory
http://routerlogin.net/WLG_ap_dual_band.htmcve@mitre.org
Third Party Advisory
https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/11cve@mitre.org
Exploit
Third Party Advisory
https://www.netgear.com/about/security/cve@mitre.org
Vendor Advisory
http://netgear.comaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://routerlogin.net/WLG_ap_dual_band.htmaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/11af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://www.netgear.com/about/security/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://netgear.com
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://routerlogin.net/WLG_ap_dual_band.htm
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/11
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.netgear.com/about/security/
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://netgear.com
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://routerlogin.net/WLG_ap_dual_band.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://github.com/RobinWang825/IoT_vuln/tree/main/Netgear/R7000P/11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.netgear.com/about/security/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2338Records found
CVE-2021-33514
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-24.21% / 95.86%
||
7 Day CHG~0.00%
Published-21 May, 2021 | 22:10
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?token=';$HTTP_USER_AGENT;' with an OS command in the User-Agent field. This affects GC108P before 1.0.7.3, GC108PP before 1.0.7.3, GS108Tv3 before 7.0.6.3, GS110TPPv1 before 7.0.6.3, GS110TPv3 before 7.0.6.3, GS110TUPv1 before 1.0.4.3, GS710TUPv1 before 1.0.4.3, GS716TP before 1.0.2.3, GS716TPP before 1.0.2.3, GS724TPPv1 before 2.0.4.3, GS724TPv2 before 2.0.4.3, GS728TPPv2 before 6.0.6.3, GS728TPv2 before 6.0.6.3, GS752TPPv1 before 6.0.6.3, GS752TPv2 before 6.0.6.3, MS510TXM before 1.0.2.3, and MS510TXUP before 1.0.2.3.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs710tup_firmwaregc108p_firmwaregs108tv3gs724tpgs110tupgs110tppgs716tppms510txup_firmwaregs752tppms510txupgs728tp_firmwaregs716tp_firmwarems510txm_firmwaregs728tpp_firmwarems510txmgs728tpgs110tpp_firmwaregs752tp_firmwaregc108pgs716tpp_firmwaregs110tpgs752tpgs710tupgc108ppgs724tpp_firmwaregs110tup_firmwaregs724tppgs728tppgc108pp_firmwaregs752tpp_firmwaregs110tp_firmwaregs108t_firmwaregs716tpgs724tp_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-57233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.65% / 81.28%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 00:00
Updated-07 May, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax50_firmwarerax50n/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-54808
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.27%
||
7 Day CHG-0.09%
Published-31 Mar, 2025 | 00:00
Updated-17 Apr, 2025 | 12:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR854T 1.5.2 (North America) contains a stack-based buffer overflow vulnerability in the SetDefaultConnectionService function due to an unconstrained use of sscanf. The vulnerability allows for control of the program counter and can be utilized to achieve arbitrary code execution.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr854t_firmwarewnr854tn/a
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2024-54807
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.47% / 63.64%
||
7 Day CHG-0.18%
Published-31 Mar, 2025 | 00:00
Updated-17 Apr, 2025 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr854t_firmwarewnr854tn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-54804
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.78% / 72.78%
||
7 Day CHG-0.29%
Published-31 Mar, 2025 | 00:00
Updated-17 Apr, 2025 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter wan_hostname and forcing a reboot. This will result in command injection.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr854t_firmwarewnr854tn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-32122
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.25%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 23:58
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex3800ex6130_firmwareex3700_firmwareex6120ex3800_firmwareex6130ex6120_firmwareex3700n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-3316
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.61%
||
7 Day CHG~0.00%
Published-29 Jan, 2020 | 21:15
Updated-06 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr1000_firmwarewnr1000n/a
CWE ID-CWE-287
Improper Authentication
CVE-2023-1327
Matching Score-8
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.31%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax30_firmwarerax30Netgear RAX30 (AX2400)
CWE ID-CWE-287
Improper Authentication
CVE-2023-27361
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-6.8||MEDIUM
EPSS-3.98% / 87.94%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19355.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27369
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.54%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-37234
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.86%
||
7 Day CHG~0.00%
Published-22 Sep, 2022 | 18:26
Updated-27 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000r7000_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-45604
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.08% / 25.03%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:38
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax40rax15lax20r6400_firmwarerax35rax50r6900p_firmwared6220rax35_firmwarer7960prax45rs400r7000_firmwarerax20d6220_firmwarer6300_firmwared8500_firmwarer7900prax20_firmwarerax40_firmwaremr60d8500rax43_firmwarer6700cbr750rbs850_firmwarerbr850r7000rax43rax80_firmwarecbr750_firmwared6400rbk752_firmwarer7900_firmwarerbk852r6700_firmwarer7900p_firmwarelax20_firmwarems60r8000_firmwarexr1000_firmwarerax80xr1000rs400_firmwarer8000rax75mk62r6900pr7900r8000prbs850ms60_firmwarerbr750r8000p_firmwared6400_firmwarer7850rax200r7000p_firmwarerax200_firmwarerbs750_firmwaremk62_firmwarer7850_firmwaremr60_firmwarerbr750_firmwarer7000prbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarer6300rax50_firmwarer6400rax45_firmwarerbk852_firmwarerbr850_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38523
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.66% / 70.11%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:01
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400r6400_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38525
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.50% / 64.93%
||
7 Day CHG~0.00%
Published-11 Aug, 2021 | 00:01
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6000_firmwarer6120r8900_firmwarer6220_firmwarepr2000r6080_firmwareex7000ex6200r6900pex8000r6120_firmwarer6900p_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r7000_firmwarer6220r6020d3600xr500_firmwarer6300_firmwarer6020_firmwarexr500r7000p_firmwared7000ex8000_firmwarer8900r9000_firmwarer6080d7000_firmwarer6700r7000d6000ex6200_firmwarer6900r7000pr9000d6200_firmwarer6900_firmwarer6050_firmwarer7800d6200jr6150_firmwarejr6150ex7000_firmwarer6300r7800_firmwarer6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20736
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:14
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6000 before 1.0.0.72, D6100 before 1.0.0.63, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8900r9000_firmwared6000_firmwarewndr3700r8900_firmwarewndr3700_firmwarewndr4500_firmwarewnr2000_firmwared6000r9000wndr4300_firmwarer7800d6100_firmwared6100wndr4500xr500_firmwarewndr4300r7800_firmwarewnr2000xr500n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18730
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.07%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 12:53
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6120 before 1.0.0.36, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6080r6020r6120d6200r6700r6080_firmwarer6700_firmwarer6020_firmwarer6800_firmwarer6120_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20748
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 52.84%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 20:58
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.44, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, and RBS50 before 2.3.0.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40d7800_firmwarerbs40_firmwarerbk20rbs20_firmwared7800rbs20rbs50_firmwarerbs50r7500rbr50_firmwarerbk40r7500_firmwarerbr20rbr50r7800rbr20_firmwarerbk50rbk40_firmwarer7800_firmwarerbk50_firmwarerbk20_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20753
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.55%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:06
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v1 before 1.0.0.58, D8500 before 1.0.3.42, D7000v2 before 1.0.0.51, D6400 before 1.0.0.78, D6220 before 1.0.0.44, JNDR3000 before 1.0.0.24, R8000 before 1.0.4.18, R8500 before 1.0.2.122, R8300 before 1.0.2.122, R7900 before 1.0.2.16, R7000P before 1.3.2.34, R7300DST before 1.0.0.68, R7100LG before 1.0.0.46, R6900P before 1.3.2.34, R7000 before 1.0.9.28, R6900 before 1.0.1.46, R6700 before 1.0.1.46, R6400v2 before 1.0.2.56, R6400 before 1.0.1.42, R6300v2 before 1.0.4.28, R6250 before 1.0.4.26, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, and WNR3500Lv2 before 1.2.0.50.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer6900pr7100lgr7900r6900p_firmwarewndr3400d6220r8500_firmwarer8300r7300dst_firmwarer7100lg_firmwaredgn2200r7000_firmwared6400_firmwarewndr4500r7300dstd6220_firmwarer6300_firmwared8500_firmwarer6250_firmwarer7000p_firmwarer8500d7000d8500wndr3400_firmwared7000_firmwarer6700r8300_firmwarer7000wndr4500_firmwarewnr3500l_firmwarer6900d6400jndr3000_firmwarejndr3000r7000pwnr3500ldgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34978
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.19% / 40.72%
||
7 Day CHG~0.00%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6260r6260_firmwareR6260
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34982
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-4.18% / 88.25%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-14 Aug, 2025 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6120r7000p_firmwarerax35v2v6510-1fxaus_firmwarerax45_firmwarerax15_firmwarev6510-1fxausex3700r7000pex7000_firmwarer8000_firmwareex6120_firmwarems80rax38v2_firmwared7000v2rax48_firmwarer6400_firmwarerax80r6400v2rax50srax35v2_firmwarer6700v3ex6130_firmwarer7000_firmwarers400r7850_firmwarer8300_firmwaredgn2200v4rax15d6220_firmwarerax200_firmwarer7850ex3800_firmwaremr80_firmwarers400_firmwarerax20_firmwarer8000p_firmwarerax40v2_firmwarer6900p_firmwarer7100lg_firmwared6400_firmwarerax43r7900plax20_firmwarewndr3400v3_firmwarexr300_firmwarer6900pex3700_firmwarerax20rax42_firmwareraxe450mr60raxe500_firmwaremr60_firmwarerax50dgn2200v4_firmwarexr300dc112alax20r7100lgms80_firmwarer6400v2_firmwarerax43_firmwarerax45rax75rax75_firmwarerax48rax50s_firmwarerax40v2ex7500_firmwared7000v2_firmwarerax200wnr3500lv2_firmwarer6700v3_firmwarems60ms60_firmwarer7900p_firmwarer6400rax80_firmwarexr1000r7000r8000wnr3500lv2rax50_firmwareex7500ex7000ex6130r7960p_firmwarer7960pmr80ex3800wndr3400v3raxe450_firmwarer8000pr8500rax38v2raxe500r8300d6400rax42r8500_firmwarexr1000_firmwared6220dc112a_firmwareMultiple Routersmultiple_router_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-48176
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.67%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 00:00
Updated-28 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7960p_firmwarer7960pr8000pr7000p_firmwarems60_firmwarer6900p_firmwarer8000p_firmwarer6900pr7000pmr60mr60_firmwarems60n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48725
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-7.2||HIGH
EPSS-26.04% / 96.08%
||
7 Day CHG-2.97%
Published-07 Mar, 2024 | 14:59
Updated-11 Mar, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30rax30_firmwareRAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29075
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.99%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 06:59
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbw30_firmwarerbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbw30rbk853_firmwarerbk854rbs850rbk752_firmwarerbk754_firmwarerbk753_firmwarerbk752rbk854_firmwarerbr750rbs750rbk754rbk853rbk753rbk753srbk852rbk852_firmwarerbk753s_firmwarerbr850_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29074
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.14% / 34.99%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 06:59
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects RBW30 before 2.6.2.2, RBK852 before 3.2.17.12, RBK853 before 3.2.17.12, RBK854 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, RBK753 before 3.2.17.12, RBK753S before 3.2.17.12, RBK754 before 3.2.17.12, RBR750 before 3.2.17.12, and RBS750 before 3.2.17.12.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbw30_firmwarerbs750_firmwarerbs850_firmwarerbr850rbr750_firmwarerbw30rbk853_firmwarerbk854rbs850rbk752_firmwarerbk754_firmwarerbk753_firmwarerbk752rbk854_firmwarerbr750rbs750rbk754rbk853rbk753rbk753srbk852rbk852_firmwarerbk753s_firmwarerbr850_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29073
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.6||HIGH
EPSS-0.10% / 27.32%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 06:59
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R8000P before 1.4.1.66, MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, R7960P before 1.4.1.66, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, and RAX200 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80mk62_firmwarerax15mr60mr60_firmwarerax75r7900pmk62rax80_firmwarer8000prax50r7960pms60_firmwarerax45r8000p_firmwarer7960p_firmwarerax15_firmwarerax20rax200rax75_firmwarerax50_firmwarerax45_firmwarerax20_firmwarems60r7900p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34991
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.56% / 67.45%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:40
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax48_firmwarerax15r6400_firmwarer7100lgex3700rax50r6900p_firmwared6220r8300r7100lg_firmwarerax45r8500_firmwarer7960prs400d7000v2r7000_firmwarerax40v2_firmwarer6700v3rax20r6700v3_firmwarerax50s_firmwared6220_firmwareex6130r7900prax20_firmwareraxe500rax50swndr3400v3raxe450rax35v2rax38v2_firmwarerax40v2rax43_firmwarerax42r6400v2r7000rax43rax80_firmwared6400dgn2200v4ex3800ex3700_firmwareraxe450_firmwareex6120rax48r7900p_firmwarer8000_firmwarerax80rs400_firmwarer8000rax75r6900pex3800_firmwarer8000pdgn2200v4_firmwarer8000p_firmwarewndr3400v3_firmwared6400_firmwarer7850rax200r7000p_firmwarerax200_firmwarer8500dc112aex6130_firmwarerax38v2r7850_firmwarecax80_firmwarer8300_firmwarerax42_firmwared7000v2_firmwarewnr3500lv2xr300r7000pcax80r6400v2_firmwarexr300_firmwarerax35v2_firmwareraxe500_firmwarer7960p_firmwarewnr3500lv2_firmwarerax15_firmwaredc112a_firmwarerax75_firmwarerax50_firmwarer6400rax45_firmwareex6120_firmwareR6400v2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51635
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-1.87% / 82.36%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:04
Updated-03 Jan, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44445
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.40% / 84.45%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-07 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sso binary. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19058.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-cax30_firmwarecax30CAX30CAX30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18727
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.27% / 50.33%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:02
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6200 before 1.1.00.24, R6700v2 before 1.1.0.42, R6800 before 1.1.0.42, and R6900v2 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d6200_firmwarer6800r6900_firmwarer6900r6700d6200r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-18751
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.50% / 80.38%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 15:21
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.16, R7500 before 1.0.0.112, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.88, WNDR4300 before 1.0.2.90, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800wndr4500r6100wndr4300r7800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21200
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 34.99%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:06
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40 and R9000 before 1.0.3.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800r7800_firmwarer9000_firmwarer9000n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21176
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.40% / 60.13%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 19:40
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7500 before 1.0.0.122, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwarewnr2000_firmwarer6100_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800d6100_firmwared6100wndr4500r6100wndr4300r7800_firmwarewnr2000n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21147
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 52.84%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 21:06
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR4300v2 before 1.0.0.54, and WNDR4500v3 before 1.0.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwared7800_firmwarer7800r8900r9000_firmwarewndr4500r9000r8900_firmwarewndr4300r7800_firmwarewndr4500_firmwared7800r7500wndr4300_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21180
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.53%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 20:10
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800r9000_firmwarewndr3700d6100_firmwared6100wndr4500wnr2000wndr3700_firmwarewndr4300r7800_firmwarewndr4500_firmwarewnr2000_firmwarer9000wndr4300_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21177
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.50% / 64.93%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 19:48
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwarewnr2000_firmwarer6100_firmwarer9000wndr4300_firmwarer7800d6100_firmwared6100wndr4500r6100wndr4300r7800_firmwarewnr2000n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20755
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:08
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6220 before 1.0.0.46, D6400 before 1.0.0.80, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v1 before 1.0.0.58, DGN2200B before 1.0.0.58, JNDR3000 before 1.0.0.24, RBW30 before 2.1.4.16, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.42, R6400v2 before 1.0.2.56, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.32, R6900P before 1.3.1.44, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7000P before 1.3.1.44, R7900 before 1.0.2.16, R8000P before 1.4.0.10, R7900P before 1.4.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R8000 before 1.0.4.18, WNDR3400v3 before 1.0.1.22, WNDR4500v2 before 1.0.0.72, WNR3500Lv2 before 1.2.0.54, WN3100RP before 1.0.0.20, and WN2500RPv2 before 1.0.1.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbw30_firmwarer8000r6400_firmwarer6900pr7100lgr7900rbw30r8000pwn3100rp_firmwarer6900p_firmwarewndr3400d6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarewn3100rpdgn2200r7000_firmwarer8000p_firmwared6400_firmwarewndr4500wn2500rpwn2500rp_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwarer6250_firmwaredgn2200b_firmwarer7900pr7000p_firmwarer8500d7000d8500wndr3400_firmwared7000_firmwaredgn2200br6700r8300_firmwarer7000wndr4500_firmwarewnr3500l_firmwarer6900d6400jndr3000_firmwarejndr3000r7000pwnr3500ldgn2200_firmwarer6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer7900p_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21197
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 29.17%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 15:03
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D7800 before 1.0.1.34, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwarer9000_firmwarewndr3700wndr3700_firmwarewndr4500_firmwared7800r6100_firmwarewnr2000_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800wndr4500r6100wndr4300r7800_firmwarewnr2000n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-21172
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.12% / 32.53%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:38
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7800r9000_firmwarewndr3700wndr4500wnr2000wndr3700_firmwarewndr4300r7800_firmwarewndr4500_firmwarewnr2000_firmwarer9000wndr4300_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-24655
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.63%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 10:12
Updated-03 Aug, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dc112aex6100_firmwarecax80_firmwaredc112a_firmwareex6200ex6200_firmwarecax80ex6100n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-5934
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-8.7||HIGH
EPSS-0.23% / 45.65%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 03:31
Updated-20 Jun, 2025 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear EX3700 mtd sub_41619C stack-based overflow

A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex3700ex3700_firmwareEX3700
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27368
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.54%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-28373
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.02%
||
7 Day CHG~0.00%
Published-09 Nov, 2020 | 21:32
Updated-04 Aug, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500rax80r7850_firmwarer8300_firmwarer6400v2r8000xr300r6400_firmwarerax80_firmwarer7900r7000pr6250r6400v2_firmwarer8300r8500_firmwarer7300dst_firmwarexr300_firmwarer7900_firmwarer7850rax20r7300dstr6400rax20_firmwarer6250_firmwarer8000_firmwarer7000p_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-26913
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.37%
||
7 Day CHG~0.00%
Published-09 Oct, 2020 | 06:30
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr4500v3_firmwarewndr4500v3wn3000rpv2rbk20wndr4300v2srr60srk60r8900_firmwarerbs20_firmwaresrr60_firmwarerbk40rbr20wnr2000v5_firmwared6100_firmwaresrs60_firmwaresrs60xr500_firmwarerbk40_firmwarexr450_firmwarexr500rbs40r8900r9000_firmwarerbs40_firmwarewn3000rpv2_firmwarewndr4300v2_firmwarerbs50_firmwarerbs20rbs50r9000rbr50_firmwarerbr50r7800srk60_firmwared6100rbr20_firmwarewnr2000v5rbk50r7800_firmwarerbk50_firmwarerbk20_firmwarexr450n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-40478
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8||HIGH
EPSS-0.34% / 56.06%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-03 Jan, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20740
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.34% / 56.16%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:19
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, R7300 before 1.0.0.70, R8300 before 1.0.2.130, and R8500 before 1.0.2.130.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgnd2200bdgnd2200b_firmwaredgn2200_firmwarer8300r8500_firmwarer8500r7300dgn2200r7300_firmwarer8300_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20692
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.23% / 45.57%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:28
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R7900P before 1.3.0.10, R8000P before 1.3.0.10, R8300 before 1.0.2.122, R8500 before 1.0.2.122, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400_firmwareex6200r7100lgex3700r6900p_firmwared6220r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwareex6130r7900pex6000_firmwaredgnd2200b_firmwared7000d8500r6700r7000wnr3500l_firmwareex6200_firmwareex6150d6400r6900_firmwareex3800r7900_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6700_firmwarer7900p_firmwareex6150_firmwarer8000_firmwarer6250r8000ex3800_firmwareex7000r6900pr7900r8000pwndr3400dgn2200r8000p_firmwared6400_firmwarewn2500rpwn2500rp_firmwarer6250_firmwareex6100r7000p_firmwarer8500ex6130_firmwarewndr3400_firmwared7000_firmwarer8300_firmwarer6900r7000pwnr3500ldgnd2200bdgn2200_firmwareex6100_firmwarer6300r6400ex6120_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20683
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.91%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:15
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.32, D7000 before 1.0.1.68, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr2020_firmwared6000_firmwarer6120wnr2020r6220_firmwarepr2000r6080_firmwarer6120_firmwared3600_firmwarer6800r6050pr2000_firmwarer6260_firmwarer6260r6220r6020d3600xr500_firmwarer6020_firmwarexr500d7000r6080d7000_firmwarer6700d6000r6900d6200_firmwarer6900_firmwarer6050_firmwared6200jr6150_firmwarejr6150r6700_firmwarer6800_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20723
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 17:05
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D6100 before 1.0.0.63, DM200 before 1.0.0.58, EX2700 before 1.0.1.48, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, R7800 before 1.0.2.52, R8900 before 1.0.4.2, R9000 before 1.0.4.2, WN2000RPTv3 before 1.0.1.32, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.68, and XR500 before 2.3.2.32.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wn2000rpt_firmwarewn3000rpd6000_firmwareex6400_firmwareex7300_firmwarer8900_firmwareex6200dm200_firmwarewn3100rp_firmwareex8000wndr4300_firmwared3600_firmwarewn3100rpd6100_firmwarewndr4500d3600xr500_firmwarexr500ex6100ex7300wn3000rp_firmwaredm200ex8000_firmwarer8900r9000_firmwarewndr4500_firmwarewnr2000_firmwareex2700ex6200_firmwared6000ex6150r9000wn2000rptr7800ex2700_firmwareex6100_firmwared6100wndr4300r7800_firmwareex6400wnr2000ex6150_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20716
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.23% / 45.26%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 15:42
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects DGN2200v4 before 1.0.0.110 and DGND2200Bv4 before 1.0.0.109.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dgnd2200bdgnd2200b_firmwaredgn2200_firmwaredgn2200n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-20700
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.39% / 59.43%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 14:37
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.110, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900P before 1.3.0.10, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400_firmwareex6200r7100lgex3700r6900p_firmwared6220r8300r8500_firmwarer7100lg_firmwarer7300dst_firmwarer7000_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwareex6130r7900pex6000_firmwaredgnd2200b_firmwared7000d8500r6700r7000wnr3500l_firmwareex6200_firmwareex6150d6400r6900_firmwareex3800r7900_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6700_firmwarer7900p_firmwareex6150_firmwarer8000_firmwarer6250r8000ex3800_firmwareex7000r6900pr7900r8000pwndr3400dgn2200r8000p_firmwared6400_firmwarewn2500rpwn2500rp_firmwarer6250_firmwareex6100r7000p_firmwarer8500ex6130_firmwarewndr3400_firmwared7000_firmwarer8300_firmwarer6900r7000pwnr3500ldgnd2200bdgn2200_firmwareex6100_firmwarer6300r6400ex6120_firmwaren/a
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 46
  • 47
  • Next
Details not found