cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-25246,https://securityvulnerability.io/vulnerability/CVE-2025-25246,Remote Code Execution Vulnerability in NETGEAR WiFi Routers,"Certain models of NETGEAR WiFi routers, including the XR1000 and XR500, are susceptible to a remote code execution vulnerability. This issue permits unauthenticated users to execute arbitrary code on the devices, potentially compromising the security of the entire network. Users of affected models are advised to update their firmware promptly to mitigate this risk and protect their systems from unauthorized access.",Netgear,"Xr1000,Xr1000v2,Xr500",8.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-05T00:00:00.000Z,0
CVE-2024-23690,https://securityvulnerability.io/vulnerability/CVE-2024-23690,Command Injection Vulnerability in Netgear FVS336Gv2 and FVS336Gv3 Routers,"The Netgear FVS336Gv2 and FVS336Gv3 routers are vulnerable to a command injection issue via the Telnet interface. This allows an authenticated attacker to execute arbitrary operating system commands with root privileges. By sending maliciously crafted 'util backup_configuration' commands, an attacker can gain unauthorized access, potentially leading to further exploitation of the device. Users are advised to disable Telnet and migrate to supported products to enhance their security.",Netgear,"Fvs336gv3,Fvs336gv2",7.2,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-04T14:34:00.370Z,0
CVE-2024-12847,https://securityvulnerability.io/vulnerability/CVE-2024-12847,Authentication Bypass Vulnerability in NETGEAR DGN1000 Router,"The NETGEAR DGN1000 router, prior to firmware version 1.1.00.48, has a significant authentication bypass vulnerability. This flaw allows a remote and unauthenticated attacker to send specially crafted HTTP requests to the setup.cgi endpoint, enabling them to execute arbitrary operating system commands with root privileges. The exploit potential has been active in the wild since at least 2017, highlighting the urgency for users to update their device firmware to safeguard against unauthorized access and control.",Netgear,Dgn1000,9.8,CRITICAL,0.0008399999933317304,false,,false,false,true,2025-01-10T20:15:00.000Z,true,true,false,,2025-01-10T20:15:00.000Z,2199
CVE-2024-12988,https://securityvulnerability.io/vulnerability/CVE-2024-12988,Buffer Overflow Vulnerability in Netgear Routers,"A vulnerability identified in Netgear R6900P and R7000P affects the HTTP Header Handler component, specifically within the function responsible for processing the Host argument. Malicious exploitation of this vulnerability can lead to a buffer overflow, potentially enabling attackers to execute arbitrary code remotely. The vulnerability has been publicly disclosed, creating a heightened risk for users and necessitating prompt remedial action. Despite prior notifications, Netgear has not addressed the concerns raised regarding this critical issue.",Netgear,,,,0.0004400000034365803,false,,false,false,false,,false,false,false,,2024-12-27T17:15:00.000Z,0
CVE-2024-12147,https://securityvulnerability.io/vulnerability/CVE-2024-12147,Buffer Overflow Vulnerability in Netgear R6900 Router,"A serious security flaw has been identified in the Netgear R6900 router, specifically affecting version 1.0.1.26_1.0.20. The vulnerability lies within the HTTP Header Handler, particularly the upgrade_check.cgi functionality. An attacker can exploit this vulnerability by manipulating the Content-Length argument, leading to a buffer overflow condition. This allows for remote execution of arbitrary code, putting users at significant risk. The vulnerability has been publicly disclosed, and despite early notification, Netgear has not provided any response or patches to address the issue.",Netgear,,,,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-12-04T18:15:00.000Z,0
CVE-2023-51635,https://securityvulnerability.io/vulnerability/CVE-2023-51635,NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability,"The vulnerability identified within the NETGEAR RAX30 router involves a stack-based buffer overflow in the fing_dil service. This flaw occurs due to improper validation of the length of user-supplied data before it is copied into a fixed-length buffer on the stack. As a result, an attacker who is network-adjacent can exploit this weakness to execute arbitrary code with root privileges on the affected device without requiring authentication.",Netgear,Rax30,8.8,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-11-22T20:04:59.288Z,0
CVE-2023-51634,https://securityvulnerability.io/vulnerability/CVE-2023-51634,NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability,"The NETGEAR RAX30 routers are vulnerable due to improper validation of certificates during file downloads via HTTPS. This flaw allows network-adjacent attackers to compromise the integrity of downloaded information without requiring authentication. By exploiting this vulnerability, attackers can potentially execute arbitrary code in a root context, thereby enhancing their ability to manipulate the router's functionalities. It is essential for users of NETGEAR RAX30 routers to remain vigilant and apply necessary security updates to mitigate risks associated with this vulnerability.",Netgear,Rax30,7.5,HIGH,0.0005699999746866524,false,,false,false,false,,,false,false,,2024-11-22T20:04:58.330Z,0
CVE-2024-51001,https://securityvulnerability.io/vulnerability/CVE-2024-51001,Stack Overflow Vulnerability in Netgear R8500,"The Netgear R8500, specifically version 1.0.2.160, has a stack overflow vulnerability identified in the sysDNSHost parameter at ddns.cgi. This security flaw enables attackers to execute a Denial of Service (DoS) attack through specially crafted POST requests, potentially disrupting service availability.",Netgear,Netgear R8500,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-51007,https://securityvulnerability.io/vulnerability/CVE-2024-51007,Stack Overflow Vulnerability in Netgear Networking Device,"The Netgear XR300 version 1.0.3.78 has been found susceptible to a stack overflow vulnerability through the passphrase parameter in wireless.cgi. This security flaw allows potential attackers to exploit the device by sending specially crafted POST requests, which can lead to a Denial of Service (DoS) condition. The seriousness of this vulnerability emphasizes the importance of ensuring that devices are updated to the latest firmware to mitigate risks and safeguard network integrity.",Netgear,XR300,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-51008,https://securityvulnerability.io/vulnerability/CVE-2024-51008,Command Injection Vulnerability in Netgear XR300 Router,"A command injection vulnerability has been identified in the Netgear XR300 Router v1.0.3.78 affecting the system_name parameter at wiz_dyn.cgi. This security flaw enables attackers to execute arbitrary operating system commands by sending specially crafted requests, potentially compromising the device's integrity and the network's security.",Netgear,XR300 Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-50998,https://securityvulnerability.io/vulnerability/CVE-2024-50998,Stack Overflow Vulnerabilities in Netgear R8500 Router,"The Netgear R8500 Router, specifically version v1.0.2.160, is susceptible to multiple stack overflow vulnerabilities within the openvpn.cgi component. These vulnerabilities are triggered through the openvpn_service_port and openvpn_service_port_tun parameters. An attacker can exploit these weaknesses by sending a specially crafted POST request, potentially leading to Denial of Service (DoS) conditions, disrupting the normal operation of the device and leaving users vulnerable to further attacks.",Netgear,R8500 Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-51004,https://securityvulnerability.io/vulnerability/CVE-2024-51004,Multiple Stack Overflow Vulnerabilities in Netgear Routers,"Netgear R8500 and R7000P routers have been found to contain multiple stack overflow vulnerabilities in the usb_device.cgi component, specifically affecting the cifs_user, read_access, and write_access parameters. These vulnerabilities can be exploited by attackers to execute crafted POST requests, leading to potential Denial of Service (DoS) scenarios. Users of the affected router models should take immediate action to update their devices to mitigate these risks.",Netgear,R8500 and R7000P Routers,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-51003,https://securityvulnerability.io/vulnerability/CVE-2024-51003,Multiple Stack Overflow Vulnerabilities in Netgear Routers,"Several Netgear routers, including R8500, XR300, R7000P, and R6400, are susceptible to multiple stack overflow vulnerabilities within the ap_mode.cgi component. Exploiting these vulnerabilities through crafted POST requests targeting the apmode_dns1_pri and apmode_dns1_sec parameters can trigger a Denial of Service (DoS), compromising network availability and stability. Users are advised to apply available security patches to mitigate risks associated with these vulnerabilities.",Netgear,Netgear Routers,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-51005,https://securityvulnerability.io/vulnerability/CVE-2024-51005,Command Injection Vulnerability in Netgear R8500 Router,"The Netgear R8500 router version 1.0.2.160 is susceptible to a command injection vulnerability found in the share_name parameter of usb_remote_smb_conf.cgi. This flaw allows attackers to send specially crafted requests to the router, potentially enabling them to execute arbitrary operating system commands. The exploitation of this vulnerability poses significant risks to network security, making it imperative for users to update their devices and apply security patches as they become available.",Netgear,R8500 Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-51000,https://securityvulnerability.io/vulnerability/CVE-2024-51000,Multiple stack overflow vulnerabilities in Netgear R8500 affecting wireless.cgi,"The Netgear R8500 device version v1.0.2.160 has been identified with multiple stack overflow vulnerabilities in the wireless.cgi component. Attackers can exploit these vulnerabilities by sending specially crafted POST requests that manipulate the opmode, opmode_an, and opmode_an_2 parameters. This exploitation can lead to a Denial of Service (DoS), disrupting device functionality and affecting user access.",Netgear,R8500,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-50993,https://securityvulnerability.io/vulnerability/CVE-2024-50993,Command Injection Vulnerability in Netgear R8500 Router,"The Netgear R8500 router, specifically version v1.0.2.160, has been identified to have a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability enables attackers to exploit the router by sending specially crafted requests, potentially allowing them to execute arbitrary operating system commands. Proper safeguards and timely updates are crucial to mitigate the risks associated with this vulnerability.",Netgear,R8500 Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-50997,https://securityvulnerability.io/vulnerability/CVE-2024-50997,Denial of Service Vulnerability in Netgear Routers,"Certain versions of Netgear routers are susceptible to a stack overflow vulnerability through the 'pptp_user_ip' parameter in the 'pptp.cgi' file. This allows attackers to send specially crafted POST requests to exploit the issue, potentially resulting in a Denial of Service condition. This highlights the need for users to update their firmware promptly to mitigate potential risks.",Netgear,Netgear Routers,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-51002,https://securityvulnerability.io/vulnerability/CVE-2024-51002,Stack Overflow Vulnerability in Netgear Routers,"A vulnerability has been identified in several Netgear router models that allows for a stack overflow through the l2tp_user_ip parameter in l2tp.cgi. This weakness can be exploited by an attacker sending a specially crafted POST request, potentially resulting in a Denial of Service (DoS) condition, disrupting the availability of the affected network devices.",Netgear,Netgear Routers,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-52013,https://securityvulnerability.io/vulnerability/CVE-2024-52013,Stack Overflow Vulnerability in Netgear Routers,"A vulnerability exists in multiple Netgear routers where a stack overflow can occur through the pptp_user_ip parameter in the wiz_pptp.cgi file. By sending a specially crafted POST request, an attacker can exploit this vulnerability, potentially resulting in a Denial of Service (DoS). Affected models include the R8500, XR300, R7000P, and R6400, highlighting the need for immediate awareness and action from users to safeguard their devices.",Netgear,Various Netgear Routers,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-50999,https://securityvulnerability.io/vulnerability/CVE-2024-50999,Command Injection Vulnerability in Netgear R8500 Router,"The Netgear R8500 router version 1.0.2.160 has a command injection vulnerability in the sysNewPasswd parameter of the password.cgi script. This flaw enables attackers to craft specific requests that can lead to the execution of arbitrary operating system commands. By exploiting this vulnerability, unauthorized users can gain control over the device's operating system, potentially compromising the integrity and confidentiality of the network.",Netgear,R8500 Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-50994,https://securityvulnerability.io/vulnerability/CVE-2024-50994,Stack Overflow Vulnerabilities in Netgear R8500 Products,"The Netgear R8500 v1.0.2.160 is affected by multiple stack overflow vulnerabilities found in the ipv6_fix.cgi component. Attackers can exploit this issue by crafting specific POST requests that manipulate the parameters ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length. This exploitation can lead to service disruptions, resulting in a Denial of Service (DoS). It is advised for users to review their firmware and apply any necessary updates to mitigate these security risks.",Netgear,R8500,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-50995,https://securityvulnerability.io/vulnerability/CVE-2024-50995,Stack Overflow Vulnerability in Netgear R8500 Router,"A stack overflow vulnerability has been identified in Netgear's R8500 router, specifically in version v1.0.2.160, where manipulation of the 'share_name' parameter through the 'usb_remote_smb_conf.cgi' interface can lead to a Denial of Service (DoS) condition. Attackers can exploit this weakness by sending a specially crafted POST request, which may cause the device to become unresponsive. This vulnerability highlights the importance of updating firmware and implementing robust security practices to protect against potential threats.",Netgear,R8500 Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-50996,https://securityvulnerability.io/vulnerability/CVE-2024-50996,Stack Overflow Vulnerability in Netgear Routers,"A stack overflow vulnerability exists in specific Netgear router models that can be exploited through the 'bpa_server' parameter in the 'genie_bpa.cgi' script. Attackers can leverage this vulnerability to send crafted POST requests, resulting in a Denial of Service (DoS) condition. Affected models include R8500, XR300, R7000P, and R6400, making it critical for users to apply necessary patches to protect their devices.",Netgear,"R8500, XR300, R7000P, R6400",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-51006,https://securityvulnerability.io/vulnerability/CVE-2024-51006,Stack Overflow Vulnerability in Netgear R8500 Router,"The Netgear R8500 Router, specifically version v1.0.2.160, has been identified with a stack overflow issue linked to the ipv6_static_ip parameter within the ipv6_tunnel function. This vulnerability can be exploited by attackers sending crafted POST requests, potentially leading to Denial of Service, which disrupts the availability of the device and its services.",Netgear,R8500 Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0
CVE-2024-51009,https://securityvulnerability.io/vulnerability/CVE-2024-51009,Command Injection Vulnerability in Netgear R8500 Router,"A command injection vulnerability exists in the Netgear R8500 router, specifically in the wan_gateway parameter at ether.cgi. This flaw enables attackers to execute arbitrary operating system commands through specially crafted requests, posing significant security risks to users. It is crucial for users to ensure their devices are updated and secured against potential exploitation.",Netgear,R8500 Router,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-05T00:00:00.000Z,0