Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
CVSS Score
4.9
EPSS Score
0.003
Published
2026-06-09
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.
CVSS Score
6.9
EPSS Score
0.003
Published
2026-06-09
Insufficient input validation vulnerability in the listed NETGEAR devices allows
authenticated administrators connected to the local network to tamper with
the router's integrity.
CVSS Score
4.3
EPSS Score
0.003
Published
2026-06-09
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network
to tamper with the system.
CVSS Score
4.3
EPSS Score
0.003
Published
2026-06-09
Authenticated administrators connected to the local network can gain
elevated access to the router and make unauthorized changes to router
software and functionality.
CVSS Score
1.9
EPSS Score
0.002
Published
2026-06-09
Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
CVSS Score
8.4
EPSS Score
0.141
Published
2024-10-11
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-13709.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-05-07
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-05-07
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325.
CVSS Score
6.5
EPSS Score
0.009
Published
2022-01-25
NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.
CVSS Score
9.6
EPSS Score
0.01
Published
2021-12-26
Page 1