Show filters
35 Total Results
Displaying 31-35 of 35
Sort by:
Attacker Value
Unknown

CVE-2019-20700

Disclosure Date: April 16, 2020 (last updated February 21, 2025)
Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.44, D6400 before 1.0.0.78, D7000v2 before 1.0.0.51, D8500 before 1.0.3.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.110, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30, EX6100 before 1.0.2.24, EX6120 before 1.0.0.40, EX6130 before 1.0.0.22, EX6150v1 before 1.0.0.42, EX6200 before 1.0.3.88, EX7000 before 1.0.0.66, R6250 before 1.0.4.26, R6300v2 before 1.0.4.28, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.46, R6900 before 1.0.1.46, R7000 before 1.0.9.28, R7900 before 1.0.2.10, R8000 before 1.0.4.12, R8300 before 1.0.2.122, R8500 before 1.0.2.122, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.46, R7300DST before 1.0.0.68, R7900P before 1.3.0.10, R8000P before 1.3.0.10, WN2500RPv2 before 1.0.1.54, WNDR3400v3 before 1.0.1.22, and WNR3500Lv2 before 1.2.0.54.
Attack Vector: LocalPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2013-3516

Disclosure Date: November 13, 2019 (last updated November 27, 2024)
NETGEAR WNR3500U and WNR3500L routers uses form tokens abased solely on router's current date and time, which allows attackers to guess the CSRF tokens.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2013-3517

Disclosure Date: November 13, 2019 (last updated November 27, 2024)
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2013-4657

Disclosure Date: November 13, 2019 (last updated November 27, 2024)
Symlink Traversal vulnerability in NETGEAR WNR3500U and WNR3500L due to misconfiguration in the SMB service.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-17372

Disclosure Date: October 09, 2019 (last updated November 27, 2024)
Certain NETGEAR devices allow remote attackers to disable all authentication requirements by visiting genieDisableLanChanged.cgi. The attacker can then, for example, visit MNU_accessPassword_recovered.html to obtain a valid new admin password. This affects AC1450, D8500, DC112A, JNDR3000, LG2200D, R4500, R6200, R6200V2, R6250, R6300, R6300v2, R6400, R6700, R6900P, R6900, R7000P, R7000, R7100LG, R7300, R7900, R8000, R8300, R8500, WGR614v10, WN2500RPv2, WNDR3400v2, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000, WNR1000v3, WNR3500L, and WNR3500L.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous