CVE-2022-40620

< 1.0.3.72

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates

7.7HIGH

CVE-2022-40619

< 1.0.3.72

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interfa

7.7HIGH

CVE-2025-52082

all versions

In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint.

6.5MEDIUM

CVE-2025-52081

all versions

In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device

6.5MEDIUM

CVE-2025-52080

all versions

In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device

6.5MEDIUM

CVE-2024-52026

all versions

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_locali

5.7MEDIUM

CVE-2024-52025

all versions

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_locali

5.7MEDIUM

CVE-2024-52024

all versions

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_locali

5.7MEDIUM

CVE-2024-52023

all versions

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_locali

5.7MEDIUM

CVE-2024-52022

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injectio

8.0HIGH

CVE-2024-52018

all versions

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi.

8.0HIGH

CVE-2024-52017

all versions

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This

5.7MEDIUM

CVE-2024-52016

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vu

5.7MEDIUM

CVE-2024-52015

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow v

5.7MEDIUM

CVE-2024-52014

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow v

5.7MEDIUM

CVE-2024-52013

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow v

5.7MEDIUM

CVE-2024-51022

all versions

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulner

5.7MEDIUM

CVE-2024-51021

all versions

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via

8.0HIGH

CVE-2024-51016

all versions

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerabil

5.7MEDIUM

CVE-2024-51014

all versions

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. This vul

5.7MEDIUM

CVE-2024-51011

all versions

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_locali

5.7MEDIUM

CVE-2024-51010

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injectio

8.0HIGH

CVE-2024-51008

all versions

Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. T

8.0HIGH

CVE-2024-51007

all versions

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerabilit

5.7MEDIUM

CVE-2024-51003

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vu

5.7MEDIUM

CVE-2024-51002

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow v

5.7MEDIUM

CVE-2024-50997

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow v

5.7MEDIUM

CVE-2024-50996

all versions

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow v

5.7MEDIUM

CVE-2021-34983

< 1.0.3.68

NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerabili

6.5MEDIUM

CVE-2021-34982

< 1.0.3.68

NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-

8.8HIGH

CVE-2023-36499

all versions

Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_w

8.8HIGH

CVE-2022-27643

< 1.0.3.72

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.

8.8HIGH

CVE-2021-45639

< 1.0.3.50

Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0

5.2MEDIUM

CVE-2021-45625

< 1.0.3.68

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R700

9.6CRITICAL

CVE-2021-45624

< 1.0.3.56

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8

9.6CRITICAL

CVE-2021-45622

< 1.0.3.68

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR7

9.6CRITICAL

CVE-2021-45621

< 1.0.3.68

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR7

9.6CRITICAL

CVE-2021-45620

< 1.0.3.68

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR7

9.6CRITICAL

CVE-2021-45617

< 1.0.3.68

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX2

9.8CRITICAL

CVE-2021-45612

< 1.0.3.68

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR7

9.6CRITICAL

CVE-2021-45611

< 1.0.3.68

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R64

9.6CRITICAL

CVE-2021-45610

< 1.0.3.68

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D640

9.6CRITICAL

CVE-2021-45609

< 1.0.3.68

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R625

9.6CRITICAL

CVE-2021-45605

< 1.0.3.50

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.68

6.0MEDIUM

CVE-2021-45527

< 1.0.3.56

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 befo

9.6CRITICAL

CVE-2021-45512

< 1.0.3.50

Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 bef

8.6HIGH

CVE-2021-34991

< 1.0.3.68

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.

8.8HIGH

CVE-2021-38528

< 1.0.3.56

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R690

9.6CRITICAL

CVE-2021-38517

< 1.0.3.50

Certain NETGEAR devices are affected by out-of-bounds reads and writes. This affects R6400 before 1.0.1.70, RAX75 before 1.0.4.120

6.9MEDIUM

CVE-2021-27239

< 1.0.3.56

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400 and R670

8.8HIGH

CVE-2021-29068

< 1.0.3.50

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6700v3 before 1.0.4.98, R6400v2

9.9CRITICAL

CVE-2020-35800

< 1.0.3.50

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400

9.4CRITICAL

CVE-2020-35798

< 1.0.3.50

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6

9.3CRITICAL

CVE-2020-35796

< 1.0.3.50

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D622

8.8HIGH

CVE-2020-35795

< 1.0.3.50

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2

9.8CRITICAL

CVE-2020-28373

all versions

upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This a

8.8HIGH

CVE-2020-13245

>= v1.0.9.6_1.2.19 and <= v1.0.11.100_10.2.100

Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_1

5.9MEDIUM