Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xr300_firmware
(Netgear)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 38 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-11-05 | CVE-2024-50996 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51003 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-50997 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51002 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51007 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51008 | Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. | Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51014 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51016 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-51022 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | Xr300_firmware | N/A | ||
| 2024-11-05 | CVE-2024-52017 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | Xr300_firmware | N/A |