Note:
This project will be discontinued after December 13, 2021. [more]
Product:
R8500_firmware
(Netgear)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 109 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-05 | CVE-2024-50996 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51003 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-50997 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51002 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51004 | Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | R7000p_firmware, R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51005 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51009 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51012 | Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-52019 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-52020 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | R8500_firmware | N/A |