Netgear: >> Wndr4700 Firmware Security Vulnerabilities
NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.
CVSS Score
9.8
EPSS Score
0.012
Published
2020-01-28
NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).
CVSS Score
7.5
EPSS Score
0.005
Published
2020-01-28
An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.
CVSS Score
7.5
EPSS Score
0.02
Published
2019-11-14
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
CVSS Score
9.8
EPSS Score
0.016
Published
2019-11-14
A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.
CVSS Score
9.8
EPSS Score
0.067
Published
2019-11-14
CVE-2016-10174
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.918
Published
2017-01-30
Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
CVSS Score
3.5
EPSS Score
0.002
Published
2014-04-25