Netgear Networking products
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Netgear product.
RSS Feeds for Netgear security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Netgear products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Netgear Sorted by Most Security Vulnerabilities since 2018
Known Exploited Netgear Vulnerabilities
The following Netgear vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability |
Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server. CVE-2017-5521 Exploit Probability: 93.8% |
September 8, 2022 |
| NETGEAR Multiple Devices Buffer Overflow Vulnerability |
Multiple NETGEAR devices contain a buffer overflow vulnerability that allow for authentication bypass and remote code execution. CVE-2017-6862 Exploit Probability: 37.5% |
June 8, 2022 |
| NETGEAR DGN2200 Devices OS Command Injection Vulnerability |
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands CVE-2017-6334 Exploit Probability: 89.2% |
March 25, 2022 |
| NETGEAR Multiple WAP Devices Command Injection Vulnerability |
Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution. CVE-2016-1555 Exploit Probability: 94.3% |
March 25, 2022 |
| NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability |
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution. CVE-2016-10174 Exploit Probability: 89.8% |
March 25, 2022 |
| NETGEAR DGN2200 Remote Code Execution Vulnerability |
NETGEAR DGN2200 wireless routers contain a vulnerability which allows for remote code execution. CVE-2017-6077 Exploit Probability: 86.1% |
March 7, 2022 |
| NETGEAR Multiple Routers Remote Code Execution Vulnerability |
NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution. CVE-2016-6277 Exploit Probability: 94.3% |
March 7, 2022 |
| Netgear ProSAFE Plus JGS516PE Remote Code Execution vulnerability |
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. CVE-2020-26919 Exploit Probability: 94.2% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 7 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2017-6862: NETGEAR Multiple Devices Buffer Overflow Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 7 vulnerabilities in Netgear. Last year, in 2025 Netgear had 62 security vulnerabilities published. Right now, Netgear is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 7 | 0.00 |
| 2025 | 62 | 9.21 |
| 2024 | 85 | 8.04 |
| 2023 | 10 | 8.73 |
| 2022 | 25 | 8.96 |
| 2021 | 6 | 8.22 |
| 2020 | 16 | 9.80 |
| 2019 | 1 | 0.00 |
It may take a day or so for new Netgear vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Netgear Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-24714 | Jan 30, 2026 |
NETGEAR Router Telnet Enable Vulnerability (Magic Packet)Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. |
|
| CVE-2026-0404 | Jan 13, 2026 |
Insufficient Input Validation in NETGEAR Orbi DHCPv6 Allows OS InjectionAn insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default. |
Rbre960
Rbse960
Rbr850
And others... |
| CVE-2026-0408 | Jan 13, 2026 |
NETGEAR WiFi Range Extender Path Traversal Exposes CredentialsA path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI. |
Ex5000
Ex3110
Ex6110
And others... |
| CVE-2026-0407 | Jan 13, 2026 |
Insufficient Auth CVE-2026-0407 in NETGEAR WiFi ExtenderAn insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel. |
Ex5000
Ex3110
Ex6110
And others... |
| CVE-2026-0406 | Jan 13, 2026 |
Netgear XR1000v2 LAN OS Command InjectionAn insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections. |
Xr1000v2
|
| CVE-2026-0405 | Jan 13, 2026 |
Auth Bypass in NETGEAR Orbi LAN AccessAn authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin. |
Rbe970
Rbe971
Cbr750
And others... |
| CVE-2026-0403 | Jan 13, 2026 |
Insufficient Input Validation OS Command Injection in NETGEAR Orbi Router (LAN)An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections. |
Rbr750
Rbs750
Rbre960
And others... |
| CVE-2025-12946 | Dec 09, 2025 |
NETGEAR Nighthawk Speedtest DNS-MITM (RS7001.0.7.82, RAXV1.1.6.36)A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46;RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36. |
Rs700
Rax54sv2
Rax41v2
And others... |
| CVE-2025-12945 | Dec 09, 2025 |
NETGEAR Nighthawk R7000P 1.3.3.154 Auth cmd injectionA vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154. |
R7000p
|
| CVE-2025-12941 | Dec 09, 2025 |
NETGEARC 6220/6230 DOCSIS 3.0 Router DoS: Authenticated WiFi Users Can RebootDenial of Service Vulnerability in NETGEARC6220andC6230(DOCSIS® 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router. |
C6220
C6230
|
| CVE-2025-12944 | Nov 11, 2025 |
NETGEAR DGN2200v4 RCE via Improper Input Validation (FW <1.0.0.132)Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed in: DGN2200v4 firmware 1.0.0.132 or later |
Dgn2200v4
|
| CVE-2025-12943 | Nov 11, 2025 |
NETGEAR RAX30/RAXE300 Improper Cert Validation in Firmware Update logicImproper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later |
Rax30
Raxe300
|
| CVE-2025-12942 | Nov 11, 2025 |
NETGEAR R6260/R6850 DNS MiTM via Improper Input Validation before 1.1.0.86Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86. |
R6260
R6850
|
| CVE-2025-12940 | Nov 11, 2025 |
NETGEAR WAX610/WAX610Y Credential Logging via Syslog (10.8.11.4)Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later. |
Wax610
Wax610y
|
| CVE-2013-10060 | Aug 01, 2025 |
Netgear DGN2200B Router RCE via pppoe.cgi command injection (<=1.0.0.36)An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored. |
Dgn2200b Firmware
|
| CVE-2013-10061 | Aug 01, 2025 |
Netgear DGN1000B OS Command Injection via TimeToLive (v1.1.00.24-45)An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication. |
Dgn1000v3 Firmware
|
| CVE-2013-10063 | Aug 01, 2025 |
Netgear SPH200D Path Traversal <=1.0.4.80A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data. |
Sph200d
|
| CVE-2025-44658 | Jul 21, 2025 |
Netgear RAX30 v1.0.10.94 PHP-FPM RCE via alternate extensionsIn Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise. |
Rax30 Firmware
|
| CVE-2025-52082 | Jul 15, 2025 |
Netgear XR300 V1.0.3.38 stack buffer overflow in usb_device.cgi via POSTIn Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter. |
Xr300 Firmware
|
| CVE-2025-52081 | Jul 15, 2025 |
Stack Buffer Overflow in Netgear XR300 V1.0.3.38_10.3.30 via usb_device.cgiIn Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter. |
Xr300 Firmware
|
| CVE-2025-52080 | Jul 15, 2025 |
Netgear XR300 V1.0.3.38_10.3.30: HTTPD stack overflow via usb_device.cgiIn Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter. |
Xr300 Firmware
|
| CVE-2025-7407 | Jul 10, 2025 |
Netgear D6400 OS Command Injection via diag.cgi (v1.0.0.114)A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer. |
D6400 Firmware
|
| CVE-2025-6511 | Jun 23, 2025 |
Netgear EX6150 1.0.0.46_1.0.76: Remote Stack Buffer Overflow in sub_410090A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
Ex6150 Firmware
|
| CVE-2025-6510 | Jun 23, 2025 |
Netgear EX6100 1.0.2.28_1.1.138 stk buf overflow in sub_415EF8 (critical)A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
Ex6100 Firmware
|
| CVE-2025-5934 | Jun 10, 2025 |
Netgear EX3700 stack-based buffer overflow CVE-2025-5934 fixed in 1.0.0.98A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer. |
Ex3700 Firmware
|
| CVE-2025-5495 | Jun 03, 2025 |
Netgear WNR614 1.1.0.28_1.0.1WW URL Handler auth bypassA vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024. |
Wnr614 Firmware
|
| CVE-2025-4980 | May 20, 2025 |
Netgear DGND3700 1.1.00.15_1.00.15NA Remote Info Disclosure via mini_httpA vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. |
Dgnd3700 Firmware
|
| CVE-2025-4977 | May 20, 2025 |
Netgear DGND3700 1.1.00.15_1.00.15NA BRS_top.html Info Disclosure RemoteA vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. |
Dgnd3700 Firmware
|
| CVE-2025-4978 | May 20, 2025 |
Netgear DGND3700 1.1.00.15_1.00.15NA: Basic Auth Improper Auth RemoteA vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. |
Dgnd3700 Firmware
|
| CVE-2025-45492 | May 06, 2025 |
Netgear EX8000 V1.0.0.126 - Command Injection via action_wireless Iface parameterNetgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. |
Ex8000 Firmware
|
| CVE-2024-57235 | May 05, 2025 |
NETGEAR RAX5 V1.0.2.26 Command Injection via iface in vif_enableNETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. |
Rax50 Firmware
|
| CVE-2024-57234 | May 05, 2025 |
Netgear RAX5 AX1600 Command Injection via ifname – V1.0.2.26NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. |
Rax50 Firmware
|
| CVE-2024-57233 | May 05, 2025 |
Netgear RAX5 v1.0.2.26: Command Injection via iface in vif_disableNETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. |
Rax50 Firmware
|
| CVE-2024-57232 | May 05, 2025 |
Command Injection in NETGEAR RAX5 1.0.2.26 via apcli_wps_gen_pincodeNETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. |
Rax50 Firmware
|
| CVE-2024-57231 | May 05, 2025 |
NETGEAR RAX5 CMD INJ via ifname param before v1.0.2.26NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. |
Rax50 Firmware
|
| CVE-2024-57230 | May 05, 2025 |
NETGEAR RAX5 Command Injection in apcli_do_enr_pin_wps (v1.0.2.26)NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. |
Rax50 Firmware
|
| CVE-2024-57229 | May 05, 2025 |
NETGEAR RAX5 AX1600 WiFi Router V1.0.2.26 Cmd Inject via devnameNETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. |
Rax50 Firmware
|
| CVE-2025-4150 | May 01, 2025 |
Netgear EX6200 1.0.3.94 Remote Buffer Overflow (sub_54340)A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6200 Firmware
|
| CVE-2025-4148 | May 01, 2025 |
Netgear EX6200 1.0.3.94 Buffer Overflow in sub_503FC – Remote ExploitationA vulnerability was found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this issue is the function sub_503FC. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6200 Firmware
|
| CVE-2025-4149 | May 01, 2025 |
Netgear EX6200 1.0.3.94 Remote Buffer Overflow in sub_54014A vulnerability was found in Netgear EX6200 1.0.3.94. It has been classified as critical. This affects the function sub_54014. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6200 Firmware
|
| CVE-2025-4146 | May 01, 2025 |
Netgear EX6200 1.0.3.94 Sub_41940 Remote Buffer OverflowA vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Affected is the function sub_41940. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6200 Firmware
|
| CVE-2025-4147 | May 01, 2025 |
Netgear EX6200 1.0.3.94 Remote Buffer Overflow (CVE-2025-4147)A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6200 Firmware
|
| CVE-2025-4145 | May 01, 2025 |
Netgear EX6200 1.0.3.94 Buffer Overflow via sub_3D0BC (Remote)A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. This issue affects the function sub_3D0BC. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6200 Firmware
|
| CVE-2025-4142 | Apr 30, 2025 |
Netgear EX6200 1.0.3.94 Buffer Overflow via host arg (sub_3C8EC) RemoteA vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. This vulnerability affects the function sub_3C8EC. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6200 Firmware
|
| CVE-2025-4141 | Apr 30, 2025 |
Netgear EX6200 1.0.3.94 Buffer Overflow via sub_3C03C (CVE-2025-4141)A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. This affects the function sub_3C03C. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6200 Firmware
|
| CVE-2025-4140 | Apr 30, 2025 |
Netgear EX6120 1.0.3.94 Buffer Overflow via Host Argument in sub_30394A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Affected by this issue is the function sub_30394. The manipulation of the argument host leads to buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6120 Firmware
|
| CVE-2025-4139 | Apr 30, 2025 |
Critical Remote BO in Netgear EX6120 1.0.0.68 fwAcosCgiInboundA vulnerability classified as critical was found in Netgear EX6120 1.0.0.68. Affected by this vulnerability is the function fwAcosCgiInbound. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Ex6120 Firmware
|
| CVE-2025-4135 | Apr 30, 2025 |
Remote Cmd Injection in Netgear WG302v2 <=5.2.9 (ui_get_input_value)A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function ui_get_input_value. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Wg302v2 Firmware
|
| CVE-2025-4122 | Apr 30, 2025 |
Netgear JWNR2000v2 1.0.0.11: Command Injection via host param (critical)A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been rated as critical. Affected by this issue is the function sub_435E04. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Jwnr2000v2 Firmware
|
| CVE-2025-4121 | Apr 30, 2025 |
Netgear JWNR2000v2 v1.0.0.11 Remote cmd_wireless Command InjectionA vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. |
Jwnr2000v2 Firmware
|