Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors.

Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.

Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors.

CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.

Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.

Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.

The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.