cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-25246,https://securityvulnerability.io/vulnerability/CVE-2025-25246,Remote Code Execution Vulnerability in NETGEAR WiFi Routers,"Certain models of NETGEAR WiFi routers, including the XR1000 and XR500, are susceptible to a remote code execution vulnerability. This issue permits unauthenticated users to execute arbitrary code on the devices, potentially compromising the security of the entire network. Users of affected models are advised to update their firmware promptly to mitigate this risk and protect their systems from unauthorized access.",Netgear,"Xr1000,Xr1000v2,Xr500",8.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-05T00:00:00.000Z,0
CVE-2024-23690,https://securityvulnerability.io/vulnerability/CVE-2024-23690,Command Injection Vulnerability in Netgear FVS336Gv2 and FVS336Gv3 Routers,"The Netgear FVS336Gv2 and FVS336Gv3 routers are vulnerable to a command injection issue via the Telnet interface. This allows an authenticated attacker to execute arbitrary operating system commands with root privileges. By sending maliciously crafted 'util backup_configuration' commands, an attacker can gain unauthorized access, potentially leading to further exploitation of the device. Users are advised to disable Telnet and migrate to supported products to enhance their security.",Netgear,"Fvs336gv3,Fvs336gv2",7.2,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-04T14:34:00.370Z,0
CVE-2024-12847,https://securityvulnerability.io/vulnerability/CVE-2024-12847,Authentication Bypass Vulnerability in NETGEAR DGN1000 Router,"The NETGEAR DGN1000 router, prior to firmware version 1.1.00.48, has a significant authentication bypass vulnerability. This flaw allows a remote and unauthenticated attacker to send specially crafted HTTP requests to the setup.cgi endpoint, enabling them to execute arbitrary operating system commands with root privileges. The exploit potential has been active in the wild since at least 2017, highlighting the urgency for users to update their device firmware to safeguard against unauthorized access and control.",Netgear,Dgn1000,9.8,CRITICAL,0.0008399999933317304,false,,false,false,true,2025-01-10T20:15:00.000Z,true,true,false,,2025-01-10T20:15:00.000Z,2199
CVE-2023-51635,https://securityvulnerability.io/vulnerability/CVE-2023-51635,NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability,"The vulnerability identified within the NETGEAR RAX30 router involves a stack-based buffer overflow in the fing_dil service. This flaw occurs due to improper validation of the length of user-supplied data before it is copied into a fixed-length buffer on the stack. As a result, an attacker who is network-adjacent can exploit this weakness to execute arbitrary code with root privileges on the affected device without requiring authentication.",Netgear,Rax30,8.8,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-11-22T20:04:59.288Z,0
CVE-2023-51634,https://securityvulnerability.io/vulnerability/CVE-2023-51634,NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability,"The NETGEAR RAX30 routers are vulnerable due to improper validation of certificates during file downloads via HTTPS. This flaw allows network-adjacent attackers to compromise the integrity of downloaded information without requiring authentication. By exploiting this vulnerability, attackers can potentially execute arbitrary code in a root context, thereby enhancing their ability to manipulate the router's functionalities. It is essential for users of NETGEAR RAX30 routers to remain vigilant and apply necessary security updates to mitigate risks associated with this vulnerability.",Netgear,Rax30,7.5,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-11-22T20:04:58.330Z,0
CVE-2024-35517,https://securityvulnerability.io/vulnerability/CVE-2024-35517,Command Injection Vulnerability in Netgear XR1000 Router,"The Netgear XR1000 router version 1.0.0.64 has a command injection vulnerability located in the usb_remote_smb_conf.cgi file. This vulnerability allows attackers to exploit the share_name parameter, potentially enabling unauthorized command execution on the router. If successfully exploited, this could lead to serious security risks, including unauthorized access to sensitive router configurations and compromised network integrity.",Netgear,Xr1000 Firmware,7.2,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-11T00:00:00.000Z,0
CVE-2024-35522,https://securityvulnerability.io/vulnerability/CVE-2024-35522,Authenticated Command Injection Vulnerability in Netgear AC750 WiFi Range Extender,"The Netgear EX3700 AC750 WiFi Range Extender Essentials Edition is susceptible to an authenticated command injection due to improper validation of the ap_mode parameter in the operating_mode.cgi interface. This vulnerability occurs when the ap_24g_manual parameter is set to 1 and ap_24g_manual_sec is NotNone. Exploitation of this vulnerability could allow an attacker with valid credentials to execute arbitrary commands on the device, potentially leading to unauthorized access and manipulation of the system.",Netgear,Ex3700 Firmware,7.2,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-10-11T00:00:00.000Z,0
CVE-2024-6814,https://securityvulnerability.io/vulnerability/CVE-2024-6814,SQL Injection Vulnerability in NETGEAR ProSAFE Network Management System,"The vulnerability involves a flaw in the getFilterString method of the NETGEAR ProSAFE Network Management System, which fails to properly validate user-supplied input before using it in SQL queries. This allows remote attackers to execute arbitrary code on affected systems, provided they can authenticate. Successful exploitation could result in complete control over the system, escalating risks for data integrity and security. This issue has been identified as ZDI-CAN-23399, with additional details available from NETGEAR.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-08-21T16:15:00.000Z,0
CVE-2024-6813,https://securityvulnerability.io/vulnerability/CVE-2024-6813,SQL Injection Vulnerability in NETGEAR ProSAFE Network Management System,"The vulnerability within the NETGEAR ProSAFE Network Management System arises from inadequate validation of a user-supplied string in the getSortString method, leading to SQL Injection. This flaw permits remote attackers with necessary authentication to manipulate SQL queries, enabling them to execute arbitrary code with SYSTEM privileges. Organizations utilizing affected versions of the system are urged to apply available security updates to mitigate this risk. For further details, review the applicable security advisories.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-08-21T16:15:00.000Z,0
CVE-2024-5505,https://securityvulnerability.io/vulnerability/CVE-2024-5505,Remote Code Execution Vulnerability in NETGEAR ProSAFE Network Management System,"The NETGEAR ProSAFE Network Management System suffers from a significant vulnerability in the UpLoadServlet class, which fails to properly validate user-supplied paths prior to file operations. This oversight allows attackers with authenticated access to exploit the flaw, enabling them to execute arbitrary code with SYSTEM privileges. Effective remediation involves patching affected versions and enforcing strict access controls.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0018500000005587935,false,,false,false,false,,,false,false,,2024-06-06T17:49:15.113Z,0
CVE-2022-43654,https://securityvulnerability.io/vulnerability/CVE-2022-43654,Remote Code Execution Vulnerability in NETGEAR CAX30S Routers,"A command injection vulnerability exists within the NETGEAR CAX30S router, specifically concerning the handling of the token parameter in the sso.php endpoint. This vulnerability arises from insufficient validation of user-supplied input, allowing attackers with network access to execute arbitrary code as the root user. Exploiting this flaw does not require any form of authentication, making affected routers an accessible target for potential threats. Users of the NETGEAR CAX30S should ensure their devices are updated to mitigate risks associated with this vulnerability.",Netgear,Cax30s,8.8,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-05-07T22:54:59.091Z,0
CVE-2021-34982,https://securityvulnerability.io/vulnerability/CVE-2021-34982,Stack-based Buffer Overflow Remote Code Execution Vulnerability,"A vulnerability exists in the httpd service of multiple NETGEAR routers, which can lead to remote code execution. The issue arises when the service fails to properly validate the length of user-supplied data during the parsing of the strings file. This flaw creates a stack-based buffer overflow condition. Attackers with network adjacency can exploit this vulnerability without any authentication, allowing them to execute arbitrary code with root privileges. The impacted devices listen on TCP port 80 by default, providing a pathway for exploitation.",Netgear,Multiple Routers,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-07T22:54:50.139Z,0
CVE-2021-34947,https://securityvulnerability.io/vulnerability/CVE-2021-34947,Remote Code Execution Vulnerability in NETGEAR R7800 Routers,"The vulnerability affects NETGEAR R7800 routers, enabling potential attackers on the same network to execute arbitrary code without authentication. This issue arises from inadequate validation of user-supplied data within the parsing of the soap_block_table file, which can lead to a write past the allocated data structure. As a consequence, attackers may exploit this flaw to execute code with root privileges, posing a significant security risk to affected devices.",Netgear,R7800,8.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-05-07T22:54:22.897Z,0
CVE-2023-50231,https://securityvulnerability.io/vulnerability/CVE-2023-50231,NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability,"The vulnerability resides in the saveNodeLabel method of the NETGEAR ProSAFE Network Management System, which lacks adequate validation of user-supplied data. This flaw permits an intervention from remote attackers allowing them to inject arbitrary scripts. The exploitation of this vulnerability can lead to unauthorized privilege escalation, granting attackers access to sensitive resources typically shielded from standard user access. A minimal level of user interaction is needed for attackers to exploit this defect, emphasizing the importance of prompt security measures.",Netgear,Prosafe Network Management System,8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T03:16:00.000Z,0
CVE-2023-44450,https://securityvulnerability.io/vulnerability/CVE-2023-44450,Remote Code Execution Vulnerability in NETGEAR ProSAFE Network Management System,"The NETGEAR ProSAFE Network Management System is susceptible to an SQL injection vulnerability that permits remote attackers to execute arbitrary code. The flaw specifically resides in the getNodesByTopologyMapSearch function, which fails to adequately validate user-provided strings before integrating them into SQL queries. This oversight allows attackers, once authenticated, to manipulate database queries and execute commands with SYSTEM privileges. Proper security measures and patching are crucial to mitigate the risks associated with this vulnerability.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T02:14:11.766Z,0
CVE-2023-44449,https://securityvulnerability.io/vulnerability/CVE-2023-44449,Remote Privilege Escalation Vulnerability in NETGEAR ProSAFE Network Management System,"The ProSAFE Network Management System from NETGEAR contains a vulnerability in its clearAlertByIds function, where insufficient validation of a user-supplied string allows an attacker to construct malicious SQL queries. This weakness enables an authenticated attacker to escalate privileges, gaining access to resources that are typically restricted. Proper string validation is essential to mitigate such risks and protect sensitive data from unauthorized access.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T02:14:11.010Z,0
CVE-2023-44445,https://securityvulnerability.io/vulnerability/CVE-2023-44445,Stack-based Buffer Overflow Remote Code Execution Vulnerability,"A buffer overflow vulnerability affects NETGEAR CAX30 routers, allowing network-adjacent attackers to execute arbitrary code. The vulnerability is due to improper validation of the length of user-supplied data in the sso binary, resulting in potential remote code execution with root privileges. Attackers can exploit this flaw without requiring authentication, enhancing the severity of the risk. Proper awareness and mitigation steps are essential for users of the affected NETGEAR CAX30 product to safeguard their networks.",Netgear,Cax30,8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-05-03T02:14:08.089Z,0
CVE-2023-41183,https://securityvulnerability.io/vulnerability/CVE-2023-41183,NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability,"The vulnerability within the NETGEAR Orbi 760 routers arises from inadequate authentication measures in the SOAP API implementation. This flaw enables network-adjacent attackers to bypass the standard authentication requirements, allowing unauthorized access to potentially sensitive functionality of the device. Such exploitation poses significant risks to network security, as attackers can leverage this vulnerability to manipulate router settings or intercept network traffic. Proper attention to firmware updates is essential to mitigate the risks stemming from this vulnerability.",Netgear,Orbi 760,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T02:11:44.607Z,0
CVE-2023-41182,https://securityvulnerability.io/vulnerability/CVE-2023-41182,NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability,"The vulnerability in NETGEAR ProSAFE Network Management System arises from a flaw in the ZipUtils class, where it inadequately validates user-supplied paths during file operations. This oversight makes it possible for remote attackers, even with authentication, to bypass security mechanisms and execute arbitrary code with SYSTEM privileges. Proper safeguards are essential to mitigate potential risks associated with this vulnerability, as it could lead to significant compromises in secure network management.",Netgear,Prosafe Network Management System,7.2,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-05-03T02:11:43.770Z,0
CVE-2023-40480,https://securityvulnerability.io/vulnerability/CVE-2023-40480,NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability,"The vulnerability identified in the NETGEAR RAX30 router's DHCP server allows remote code execution due to improper validation of user-supplied input. An attacker exploiting this flaw can execute arbitrary code with root privileges without requiring authentication, thereby compromising the network's integrity and security. The flaw is linked to how the DHCP server handles user input, underscoring the critical importance of validation processes in safeguarding against potential exploits. Details are available through security advisories from the Zero Day Initiative and NETGEAR.",Netgear,Rax30,8.8,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-05-03T02:11:15.206Z,0
CVE-2023-40479,https://securityvulnerability.io/vulnerability/CVE-2023-40479,NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability,"A security flaw has been identified within the UPnP service in NETGEAR RAX30 routers, enabling network-adjacent attackers to execute arbitrary code due to improper validation of user-inputted strings. This allows exploitation without any authentication, posing significant risks if left unaddressed. Attackers can operate with root-level privileges, potentially compromising the entire device. Effective protective measures should be taken immediately to mitigate this security issue, as listed in security advisories from NETGEAR.",Netgear,Rax30,8.8,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-05-03T02:11:14.444Z,0
CVE-2023-38102,https://securityvulnerability.io/vulnerability/CVE-2023-38102,NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability,"A privilege escalation vulnerability exists in the NETGEAR ProSAFE Network Management System, specifically within the createUser function. Due to insufficient authorization checks, an attacker may exploit this vulnerability to obtain elevated privileges. This allows unauthorized users to access resources and functionalities that should be restricted. While authentication is required to access the system, the vulnerability enables the bypassing of the existing authentication mechanism, posing a significant risk to security.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:59:03.692Z,0
CVE-2023-38101,https://securityvulnerability.io/vulnerability/CVE-2023-38101,NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability,"The vulnerability within the NETGEAR ProSAFE Network Management System's SettingConfigController allows remote attackers to execute arbitrary code due to an exposed dangerous function. Although exploitation requires authentication, the vulnerability enables attackers to bypass the existing authentication mechanisms. This flaw allows code execution in the context of SYSTEM, potentially leading to severe security implications for affected installations. Organizations using this management system should review the advisory for mitigations and updates to address this significant security concern.",Netgear,Prosafe Network Management System,7.2,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:59:02.918Z,0
CVE-2023-38100,https://securityvulnerability.io/vulnerability/CVE-2023-38100,NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability,"The NETGEAR ProSAFE Network Management System is impacted by a vulnerability that allows remote attackers to escalate privileges due to improper validation of user input in the clearAlertByIds function. This flaw enables attackers to construct SQL queries that could grant them access to resources they should not be able to control. Although the exploit requires authentication, it allows attackers to bypass existing authentication mechanisms, posing a significant security threat to networks utilizing this system. Organizations are advised to assess their systems for this vulnerability and apply available patches or mitigations.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:59:02.233Z,0
CVE-2023-38099,https://securityvulnerability.io/vulnerability/CVE-2023-38099,NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability,"A critical SQL injection vulnerability has been identified in the getNodesByTopologyMapSearch function of the NETGEAR ProSAFE Network Management System. The flaw originates from insufficient validation of user-supplied input used in SQL query construction, enabling remote attackers to exploit it to execute arbitrary code on compromised installations. Although the vulnerability requires user authentication, the existing authentication mechanism is susceptible to bypass, allowing unauthorized access. Successful exploitation can lead to executing commands in the context of the SYSTEM user, posing significant risks to sensitive data and system integrity.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:59:01.440Z,0