Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0413

Summary
Assigner-NETGEAR
Assigner Org ID-a2826606-91e7-4eb6-899e-8484bd4575d5
Published At-09 Jun, 2026 | 15:50
Updated At-11 Jun, 2026 | 05:13
Rejected At-
Credits

Buffer overflow vulnerability in certain NETGEAR Nighthawk routers

A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:NETGEAR
Assigner Org ID:a2826606-91e7-4eb6-899e-8484bd4575d5
Published At:09 Jun, 2026 | 15:50
Updated At:11 Jun, 2026 | 05:13
Rejected At:
▼CVE Numbering Authority (CNA)
Buffer overflow vulnerability in certain NETGEAR Nighthawk routers

A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Affected Products
Vendor
NETGEAR, Inc.NETGEAR
Product
RBE370
Default Status
unaffected
Versions
Affected
  • From 0 before V12.1.2.1 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBE770
Default Status
unaffected
Versions
Affected
  • From 0 before V10.5.20.10 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBR750
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBR840
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBR850
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBR860
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBRE950
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBRE960
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBS750
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBS840
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBS850
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBS860
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBSE950
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RBSE960
Default Status
unaffected
Versions
Affected
  • From 0 before V7.2.8.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based buffer overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based buffer overflow
Metrics
VersionBase scoreBase severityVector
4.04.3MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Version: 4.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-122CAPEC-122 Privilege Abuse
CAPEC ID: CAPEC-122
Description: CAPEC-122 Privilege Abuse
Solutions

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRBE37X Orbi Dual-band Mesh WiFi 7 System – 370 Series V12.1.2.1 https://www.netgear.com/support/product/rbe372/ RBE77X Orbi Tri-band Mesh WiFi 7 Add-on Satellite V10.5.20.10 https://www.netgear.com/support/product/rbe770/ RBR750 Orbi WiFi 6 Router AX4200 V7.2.8.5 https://www.netgear.com/support/product/rbr750/ RBR840 (EoS) Orbi WiFi 6 System AX5700 V7.2.8.5 https://www.netgear.com/support/product/rbr840/ RBR850 Orbi WiFi 6 Router AX6000 V7.2.8.5 https://www.netgear.com/support/product/rbr850/ RBR860 Orbi Tri-band Mesh WiFi 6 Router – 860 Series V7.2.8.5 https://www.netgear.com/support/product/rbr860/ RBRE950 Orbi Quad-band Mesh WiFi 6E Router V7.2.8.5 https://www.netgear.com/support/product/rbre950/ RBRE960 Orbi Quad-band Mesh WiFi 6E Router V7.2.8.5 https://www.netgear.com/support/product/rbre960/ RBS750 Orbi WiFi 6 Add-on Satellite AX4200 V7.2.8.5 https://www.netgear.com/support/product/rbs750/ RBS840 (EoS) Orbi WiFi 6 Add-on Satellite AX5700 V7.2.8.5 https://www.netgear.com/support/product/rbs840/ RBS850 Orbi WiFi 6 Satellite AX6000 V7.2.8.5 https://www.netgear.com/support/product/rbs850/ RBS860 Orbi Tri-band Mesh WiFi 6 Add-on Satellite – 860 Series V7.2.8.5 https://www.netgear.com/support/product/rbs860/ RBSE950 Orbi Quad-band Mesh WiFi 6E Add-on Satellite V7.2.8.5 https://www.netgear.com/support/product/rbse950/ RBSE960 Orbi Quad-band Mesh WiFi 6E Add-on Satellite V7.2.8.5 https://www.netgear.com/support/product/rbse960/ Models marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.

Configurations
Workarounds
Exploits
Credits
finder
tmotfl
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.netgear.com/support/product/rbe770/
product
patch
https://www.netgear.com/support/product/rbe372/
product
patch
https://www.netgear.com/support/product/rbr750/
product
patch
https://www.netgear.com/support/product/rbr840/
product
patch
https://www.netgear.com/support/product/rbre950/
product
patch
https://www.netgear.com/support/product/rbr850/
product
patch
https://www.netgear.com/support/product/rbre960/
product
patch
https://www.netgear.com/support/product/rbr860/
product
patch
https://www.netgear.com/support/product/rbse960/
product
patch
https://www.netgear.com/support/product/rbs750/
product
patch
https://www.netgear.com/support/product/rbse950/
product
patch
https://www.netgear.com/support/product/rbs840/
product
patch
https://www.netgear.com/support/product/rbs860/
product
patch
https://www.netgear.com/support/product/rbs850/
product
patch
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
vendor-advisory
Hyperlink: https://www.netgear.com/support/product/rbe770/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbe372/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbr750/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbr840/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbre950/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbr850/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbre960/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbr860/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbse960/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbs750/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbse950/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbs840/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbs860/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rbs850/
Resource:
product
patch
Hyperlink: https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:a2826606-91e7-4eb6-899e-8484bd4575d5
Published At:09 Jun, 2026 | 17:16
Updated At:11 Jun, 2026 | 07:16

A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.3MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-121Secondarya2826606-91e7-4eb6-899e-8484bd4575d5
CWE ID: CWE-121
Type: Secondary
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisorya2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbe372/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbe770/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbr750/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbr840/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbr850/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbr860/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbre950/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbre960/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbs750/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbs840/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbs850/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbs860/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbse950/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rbse960/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
Hyperlink: https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbe372/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbe770/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbr750/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbr840/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbr850/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbr860/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbre950/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbre960/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbs750/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbs840/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbs850/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbs860/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbse950/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rbse960/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

20Records found
CVE-2026-0414
Matching Score-8
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-8
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 6.86%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-11 Jun, 2026 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient Input Validation Allows Unauthorized Modification of Router Software in certain NETGEAR Routers

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-RBE970
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-0415
Matching Score-8
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-8
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-10 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation vulnerability in certain Orbi routers

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-RBR850RBRE960RBSE950RBS750RBS860RBSE960RBS840RBRE950RBR750RBR860RBR840RBS850RBE970
CWE ID-CWE-20
Improper Input Validation
CVE-2023-34285
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.52% / 67.06%
||
7 Day CHG-0.58%
Published-03 May, 2024 | 01:57
Updated-03 Jan, 2025 | 17:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19918.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27368
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.05% / 16.93%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-27239
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.59% / 85.92%
||
7 Day CHG~0.00%
Published-29 Mar, 2021 | 21:05
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R6700 firmware version 1.0.4.98 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the upnpd service, which listens on UDP port 1900 by default. A crafted MX header field in an SSDP message can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11851.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6400_firmwarer7100lgr6900p_firmwared6220ex7500_firmwarer7100lg_firmwarer7960pr8300r8500_firmwarers400r7000_firmwared6220_firmwarer6300_firmwared8500_firmwarer7900pd7000d8500r6700rbs850_firmwarerbr850r7000rax80_firmwarewnr3500l_firmwared6400r7900_firmwareex7000_firmwarer6700_firmwarer7900p_firmwarer8000_firmwarer6250rbs40v_firmwareex7500rax80rs400_firmwarer8000rax75ex7000r6900pr7900r8000pwndr3400rbs850rbr750r8000p_firmwared6400_firmwarer7850rax200r6250_firmwarer7000p_firmwarerax200_firmwarer8500dc112arbs40vrbs750_firmwarer7850_firmwarewndr3400_firmwared7000_firmwarer8300_firmwarexr300rbr750_firmwarer7000pwnr3500lxr300_firmwarerbs750r7960p_firmwaredc112a_firmwarerax75_firmwarer6300r6400rbr850_firmwareMultiple Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-15416
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-16.31% / 94.98%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9703.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2021-34991
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.30% / 53.30%
||
7 Day CHG~0.00%
Published-15 Nov, 2021 | 15:40
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax48_firmwarerax15r6400_firmwarer7100lgex3700rax50r6900p_firmwared6220r8300r7100lg_firmwarerax45r8500_firmwarer7960prs400d7000v2r7000_firmwarerax40v2_firmwarer6700v3rax20r6700v3_firmwarerax50s_firmwared6220_firmwareex6130r7900prax20_firmwareraxe500rax50swndr3400v3raxe450rax35v2rax38v2_firmwarerax40v2rax43_firmwarerax42r6400v2r7000rax43rax80_firmwared6400dgn2200v4ex3800ex3700_firmwareraxe450_firmwareex6120rax48r7900p_firmwarer8000_firmwarerax80rs400_firmwarer8000rax75r6900pex3800_firmwarer8000pdgn2200v4_firmwarer8000p_firmwarewndr3400v3_firmwared6400_firmwarer7850rax200r7000p_firmwarerax200_firmwarer8500dc112aex6130_firmwarerax38v2r7850_firmwarecax80_firmwarer8300_firmwarerax42_firmwared7000v2_firmwarewnr3500lv2xr300r7000pcax80r6400v2_firmwarexr300_firmwarerax35v2_firmwareraxe500_firmwarer7960p_firmwarewnr3500lv2_firmwarerax15_firmwaredc112a_firmwarerax75_firmwarerax50_firmwarer6400rax45_firmwareex6120_firmwareR6400v2
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27646
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8||HIGH
EPSS-12.82% / 94.18%
||
7 Day CHG~0.00%
Published-29 Mar, 2023 | 00:00
Updated-18 Feb, 2025 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-cbr40_firmwarerax80rs400_firmwarer8000rax75rbr40_firmwarerbs20_firmwarer6400_firmwarer6900pr8000pr6900p_firmwarerbr20r7960prs400r7000_firmwarer8000p_firmwarer7850rax200r7000p_firmwarerax200_firmwarerbs40rbs40_firmwarer7850_firmwarerbr10_firmwarerbr10r6700rbs10_firmwarelbr20_firmwarer7000rax80_firmwarelbr1020_firmwarerbs20rbr40rbs50_firmwarer7000prbs50rbr50_firmwarecbr40rbr50r7960p_firmwarelbr20rbr20_firmwarerbs10rax75_firmwarer6400r6700_firmwarelbr1020r8000_firmwareR6700v3
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-15636
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.1||HIGH
EPSS-19.80% / 95.59%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 20:55
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9852.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700Multiple Routers
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-15417
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-6.3||MEDIUM
EPSS-0.26% / 49.48%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted gui_region in a string table file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9756.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-15635
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.34% / 57.43%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 20:55
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2020-10924
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-66.77% / 98.57%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 17:10
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6700_firmwarer6700R6700
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2023-27369
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.14% / 33.89%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability

NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-51635
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-2.36% / 85.26%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 20:04
Updated-03 Jan, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34978
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.25% / 49.00%
||
7 Day CHG+0.07%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. A crafted SOAP request can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13511.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6260r6260_firmwareR6260
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34982
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-5.57% / 90.49%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 22:54
Updated-14 Aug, 2025 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-ex6120r7000p_firmwarerax35v2v6510-1fxaus_firmwarerax45_firmwarerax15_firmwarev6510-1fxausex3700r7000pex7000_firmwarer8000_firmwareex6120_firmwarems80rax38v2_firmwared7000v2rax48_firmwarer6400_firmwarerax80r6400v2rax50srax35v2_firmwarer6700v3ex6130_firmwarer7000_firmwarers400r7850_firmwarer8300_firmwaredgn2200v4rax15d6220_firmwarerax200_firmwarer7850ex3800_firmwaremr80_firmwarers400_firmwarerax20_firmwarer8000p_firmwarerax40v2_firmwarer6900p_firmwarer7100lg_firmwared6400_firmwarerax43r7900plax20_firmwarewndr3400v3_firmwarexr300_firmwarer6900pex3700_firmwarerax20rax42_firmwareraxe450mr60raxe500_firmwaremr60_firmwarerax50dgn2200v4_firmwarexr300dc112alax20r7100lgms80_firmwarer6400v2_firmwarerax43_firmwarerax45rax75rax75_firmwarerax48rax50s_firmwarerax40v2ex7500_firmwared7000v2_firmwarerax200wnr3500lv2_firmwarer6700v3_firmwarems60ms60_firmwarer7900p_firmwarer6400rax80_firmwarexr1000r7000r8000wnr3500lv2rax50_firmwareex7500ex7000ex6130r7960p_firmwarer7960pmr80ex3800wndr3400v3raxe450_firmwarer8000pr8500rax38v2raxe500r8300d6400rax42r8500_firmwarexr1000_firmwared6220dc112a_firmwareMultiple Routersmultiple_router_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-34980
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-0.30% / 54.09%
||
7 Day CHG+0.08%
Published-13 Jan, 2022 | 21:44
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setupwizard.cgi page. When parsing the SOAP_LOGIN_TOKEN environment variable, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14107.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6260_firmwarer6260R6260
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44445
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8.8||HIGH
EPSS-3.22% / 87.34%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:14
Updated-07 Aug, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sso binary. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19058.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-cax30_firmwarecax30CAX30CAX30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-40478
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-8||HIGH
EPSS-0.34% / 57.13%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 02:11
Updated-03 Jan, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-27361
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-6.8||MEDIUM
EPSS-0.26% / 50.18%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 01:56
Updated-03 Jan, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19355.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax30_firmwarerax30RAX30rax30_firmware
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
Details not found