Search Results (1343 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10116 1 Netgear 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more 2025-04-12 N/A
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack.
CVE-2016-1525 1 Netgear 1 Prosafe Network Management Software 300 2025-04-12 N/A
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
CVE-2013-3069 1 Netgear 2 Wndr4700, Wndr4700 Firmware 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
CVE-2016-5675 2 Netgear, Nuuo 4 Readynas Surveillance, Crystal, Nvrmini 2 and 1 more 2025-04-12 N/A
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
CVE-2016-1524 1 Netgear 1 Prosafe Network Management Software 300 2025-04-12 N/A
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
CVE-2016-5674 2 Netgear, Nuuo 3 Readynas Surveillance, Nvrmini 2, Nvrsolo 2025-04-12 N/A
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
CVE-2013-4775 1 Netgear 11 Prosafe Firmware, Prosafe Gs510tp, Prosafe Gs724t and 8 more 2025-04-11 N/A
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
CVE-2012-2439 1 Netgear 1 Prosafe Fvs318n 2025-04-11 N/A
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
CVE-2013-2752 1 Netgear 1 Raidiator 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in frontview/lib/np_handler.pl in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to hijack the authentication of users.
CVE-2013-2751 1 Netgear 1 Raidiator 2025-04-11 N/A
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
CVE-2011-1674 1 Netgear 2 Prosafe Wnap210, Prosafe Wnap210 Firmware 2025-04-11 N/A
The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php.
CVE-2013-4776 1 Netgear 5 Prosafe Firmware, Prosafe Gs510tp, Prosafe Gs724t and 2 more 2025-04-11 N/A
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
CVE-2011-1673 1 Netgear 2 Prosafe Wnap210, Prosafe Wnap210 Firmware 2025-04-11 N/A
BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file.
CVE-2022-48196 1 Netgear 18 R6400v2, R6400v2 Firmware, R6700v3 and 15 more 2025-04-10 7.4 High
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.122, R6900P before 1.3.3.152, R7000P before 1.3.3.152, R7000 before 1.0.11.136, R7960P before 1.4.4.94, and R8000P before 1.4.4.94.
CVE-2024-30568 1 Netgear 2 R6850, R6850 Firmware 2025-04-04 9.8 Critical
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.
CVE-2024-30569 1 Netgear 2 R6850, R6850 Firmware 2025-04-04 7.5 High
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVE-2024-30570 1 Netgear 2 R6850, R6850 Firmware 2025-04-04 5.3 Medium
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVE-2024-30571 1 Netgear 2 R6850, R6850 Firmware 2025-04-04 7.5 High
An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVE-2024-30572 1 Netgear 2 R6850, R6850 Firmware 2025-04-04 8 High
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.
CVE-2022-47052 1 Netgear 2 Ac1200 R6220, Ac1200 R6220 Firmware 2025-04-01 6.1 Medium
The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.