Shodan
Vulnerabilities
Vulnerable Software
Netgear:  Security Vulnerabilities
CVE-2022-30078
NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 and R6300_V2 firmware versions through R6300v2-V1.0.4.52_10.0.93 allow remote authenticated attackers to execute arbitrary command via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameters.
CVSS Score
8.8
EPSS Score
0.016
Published
2022-09-07
CVE-2022-31876
netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.
CVSS Score
5.3
EPSS Score
0.005
Published
2022-06-17
CVE-2022-29383
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
CVSS Score
9.8
EPSS Score
0.752
Published
2022-05-13
CVE-2022-27945
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.
CVSS Score
8.8
EPSS Score
0.05
Published
2022-03-26
CVE-2022-27946
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
CVSS Score
8.8
EPSS Score
0.014
Published
2022-03-26
CVE-2022-27947
NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.
CVSS Score
8.8
EPSS Score
0.05
Published
2022-03-26
CVE-2022-24655
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-03-18
CVE-2021-44261
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.
CVSS Score
5.3
EPSS Score
0.016
Published
2022-03-17
CVE-2021-44262
A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-03-17
CVE-2021-46382
Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-03-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved