cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-35520,https://securityvulnerability.io/vulnerability/CVE-2024-35520,Netgear R7000 Vulnerable to Command Injection via RMT_invite.cgi,Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.,Netgear,R7000 Firmware,6.8,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-14T22:15:00.000Z,0
CVE-2022-37235,https://securityvulnerability.io/vulnerability/CVE-2022-37235,Buffer Overflow Vulnerability in Netgear Nighthawk AC1900 Router,"The Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router is susceptible to a buffer overflow vulnerability due to improper handling of input in the wl binary of its firmware. An attacker could exploit this weakness via specially crafted input, potentially leading to unexpected behavior or disruption of services. Users of firmware version R7000-V1.0.11.134_10.2.119 are advised to take precautions to secure their devices.",Netgear,R7000 Firmware,9.8,CRITICAL,0.0028200000524520874,false,,false,false,false,,,false,false,,2022-09-23T00:06:29.000Z,0
CVE-2022-37234,https://securityvulnerability.io/vulnerability/CVE-2022-37234,Buffer Overflow Vulnerability in Netgear Nighthawk AC1900 Smart WiFi Router,The Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router is subject to a buffer overflow attack via the wl binary included in its firmware. This issue arises from a stack overflow vulnerability resulting from improper handling of the strncpy function. Exploiting this vulnerability could allow attackers to execute arbitrary code and potentially compromise the router's functionality and security. Users of version R7000-V1.0.11.134_10.2.119 are encouraged to update to the latest firmware to mitigate this risk.,Netgear,R7000 Firmware,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-09-22T18:26:11.000Z,0
CVE-2021-45523,https://securityvulnerability.io/vulnerability/CVE-2021-45523,Buffer Overflow Vulnerability in NETGEAR R7000 Devices,"NETGEAR R7000 devices prior to version 1.0.9.42 are susceptible to a buffer overflow vulnerability that can be exploited by authenticated users. This weakness could allow adversaries with valid access to manipulate the device's memory, potentially leading to unauthorized access or denial of service. It is crucial for users to update their devices to mitigate this potential security risk.",Netgear,R7000 Firmware,5.7,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2021-12-26T00:59:02.000Z,0
CVE-2021-45530,https://securityvulnerability.io/vulnerability/CVE-2021-45530,Buffer Overflow Vulnerability Affecting NETGEAR Routers,"Certain NETGEAR routers are susceptible to a buffer overflow vulnerability that can be exploited by an authenticated user. This issue can potentially allow attackers to execute arbitrary code or cause denial-of-service conditions. Systems running firmware versions prior to the specified thresholds are particularly at risk, emphasizing the necessity for users to update their devices promptly. For detailed mitigation steps, refer to the NETGEAR security advisory.",Netgear,R7000 Firmware,4.5,MEDIUM,0.0009599999757483602,false,,false,false,false,,,false,false,,2021-12-26T00:57:32.000Z,0
CVE-2021-45553,https://securityvulnerability.io/vulnerability/CVE-2021-45553,Command Injection Vulnerability in NETGEAR Routers,"Certain NETGEAR devices are susceptible to command injection attacks, which can be executed by an authenticated user. This vulnerability allows unauthorized execution of commands on the affected firmware versions of the routers. Specifically, the R7000 versions prior to 1.0.11.126, R6900P versions before 1.3.2.126, and R7000P versions earlier than 1.3.2.126 are impacted. Users are advised to update their devices to the latest firmware to mitigate this security risk.",Netgear,R7000 Firmware,8.7,HIGH,0.001769999973475933,false,,false,false,false,,,false,false,,2021-12-26T00:51:23.000Z,0
CVE-2021-45646,https://securityvulnerability.io/vulnerability/CVE-2021-45646,Sensitive Information Disclosure in NETGEAR R7000 Devices,NETGEAR R7000 devices that have not been updated to version 1.0.11.116 are susceptible to a vulnerability that permits unauthorized access to sensitive information. This exposure can potentially lead to data breaches or further exploitation if not addressed promptly. Users are recommended to update their firmware to mitigate the risk and protect sensitive data.,Netgear,R7000 Firmware,5.3,MEDIUM,0.0022100000642240047,false,,false,false,false,,,false,false,,2021-12-26T00:29:57.000Z,0
CVE-2021-45650,https://securityvulnerability.io/vulnerability/CVE-2021-45650,Sensitive Information Disclosure in NETGEAR Routers,"Several NETGEAR routers, including models like R7000 and R7900, are susceptible to vulnerabilities that allow for potential disclosure of sensitive information. These vulnerabilities can be exploited if the devices are running unpatched versions prior to the specified firmware updates. Awareness and prompt updating of devices are essential for maintaining security against exploitation.",Netgear,R7000 Firmware,9.1,CRITICAL,0.0022100000642240047,false,,false,false,false,,,false,false,,2021-12-26T00:29:17.000Z,0
CVE-2021-45662,https://securityvulnerability.io/vulnerability/CVE-2021-45662,Stored XSS Vulnerability in NETGEAR R7000 Devices,"NETGEAR R7000 devices running software versions earlier than 1.0.9.88 are susceptible to a stored XSS vulnerability. This security flaw allows malicious actors to inject arbitrary web scripts into the application, which may be executed in the context of the user's browser session. It is crucial for users of the R7000 to update to the latest firmware to mitigate potential exploitation risks. For detailed information, refer to the official security advisory.",Netgear,R7000 Firmware,6.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-12-26T00:27:09.000Z,0
CVE-2021-45663,https://securityvulnerability.io/vulnerability/CVE-2021-45663,Stored XSS Vulnerability in NETGEAR R7000 Devices,"The NETGEAR R7000 devices prior to version 1.0.11.126 are susceptible to stored cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts. This can result in unauthorized information disclosure or user session hijacking, impacting the integrity of user data and the security of the network.",Netgear,R7000 Firmware,6.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-12-26T00:26:55.000Z,0
CVE-2021-45664,https://securityvulnerability.io/vulnerability/CVE-2021-45664,Stored XSS Vulnerability in NETGEAR R7000 Devices,"NETGEAR R7000 devices are vulnerable to stored Cross-Site Scripting (XSS) attacks, which can occur when an attacker injects malicious scripts into the web interface. This vulnerability affects all versions of the R7000 prior to 1.0.11.126. Exploiting this flaw allows attackers to execute arbitrary scripts in the context of users’ sessions, potentially leading to data theft or unauthorized actions on the device.",Netgear,R7000 Firmware,5.6,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-12-26T00:26:44.000Z,0
CVE-2021-45673,https://securityvulnerability.io/vulnerability/CVE-2021-45673,Stored Cross-Site Scripting Vulnerability in NETGEAR Routers,"An issue has been identified in certain NETGEAR routers that allows for stored cross-site scripting (XSS) attacks. This vulnerability enables an attacker to inject malicious scripts into web pages that are then displayed to other users. Affected models include R7000, R7900, R8000, RAX200, R7000P, RAX80, R6900P, and RAX75, all of which require updates to mitigate this risk. Users are advised to upgrade their devices to the latest firmware versions to protect against potential exploitation.",Netgear,R7000 Firmware,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-12-26T00:24:27.000Z,0
CVE-2021-45674,https://securityvulnerability.io/vulnerability/CVE-2021-45674,Stored Cross-Site Scripting Vulnerability in NETGEAR Routers,"Certain NETGEAR routers are susceptible to a stored Cross-Site Scripting vulnerability, allowing attackers to inject malicious scripts that can be executed in the context of the user's session. This vulnerability affects various models, including R7000, R7900, R8000, RAX15, RAX20, RAX200, RAX75, and RAX80, prior to their respective firmware versions. Successfully exploiting this vulnerability may lead to unauthorized access to sensitive information and further compromise the security of the affected devices.",Netgear,R7000 Firmware,3.2,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2021-12-26T00:24:15.000Z,0
CVE-2021-31802,https://securityvulnerability.io/vulnerability/CVE-2021-31802,,NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. The vulnerability exists within the handling of an HTTP request. An attacker can leverage this to execute code as root. The problem is that a user-provided length value is trusted during a backup.cgi file upload. The attacker must add a \n before the Content-Length header.,Netgear,R7000 Firmware,8.8,HIGH,0.04244999960064888,false,,false,false,false,,,false,false,,2021-04-26T12:02:32.000Z,0
CVE-2020-28041,https://securityvulnerability.io/vulnerability/CVE-2020-28041,,"The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data.",Netgear,Nighthawk R7000 Firmware,6.5,MEDIUM,0.10254000127315521,false,,false,false,false,,,false,false,,2020-11-02T21:15:00.000Z,0
CVE-2019-20758,https://securityvulnerability.io/vulnerability/CVE-2019-20758,,NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.,Netgear,R7000 Firmware,7.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-16T21:10:19.000Z,0
CVE-2016-6277,https://securityvulnerability.io/vulnerability/CVE-2016-6277,,"NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.",Netgear,"D6220 Firmware,D6400 Firmware,R6250 Firmware,R6400 Firmware,R6700 Firmware,R6900 Firmware,R7000 Firmware,R7100lg Firmware,R7300dst Firmware,R7900 Firmware,R8000 Firmware",8.8,HIGH,0.9718300104141235,true,2022-03-07T00:00:00.000Z,false,false,true,2022-03-07T00:00:00.000Z,true,false,false,,2016-12-14T16:00:00.000Z,0