Note:
This project will be discontinued after December 13, 2021. [more]
Product:
R8500_firmware
(Netgear)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 117 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-05 | CVE-2024-50997 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51002 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51004 | Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | R7000p_firmware, R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51005 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51009 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51012 | Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-52019 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-52020 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | R8500_firmware | N/A | ||
| 2024-11-05 | CVE-2024-52021 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | R8500_firmware | N/A | ||
| 2020-10-09 | CVE-2020-26917 | Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128. | Ex7000_firmware, R6250_firmware, R6400_firmware, R6400v2_firmware, R7100lg_firmware, R7300dst_firmware, R7900_firmware, R8300_firmware, R8500_firmware | 4.8 |