Xr300_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Xr300_firmware
(Netgear)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	50

Date	Id	Summary	Products	Score	Patch	Annotated
2024-11-05	CVE-2024-52024	Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.	R6400v2_firmware, R7000p_firmware, Xr300_firmware	N/A
2024-11-05	CVE-2024-51011	Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.	R6400v2_firmware, R7000p_firmware, Xr300_firmware	N/A
2024-11-05	CVE-2024-51021	Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.	R6400v2_firmware, R7000p_firmware, Xr300_firmware	N/A
2024-11-05	CVE-2024-52013	Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.	R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware	N/A
2024-11-05	CVE-2024-52014	Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.	R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware	N/A
2024-11-05	CVE-2024-52015	Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.	R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware	N/A
2024-11-05	CVE-2024-52016	Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request.	R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware	N/A
2024-11-05	CVE-2024-52022	Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.	R6400v2_firmware, R7000p_firmware, R8500_firmware, Xr300_firmware	N/A
2024-11-05	CVE-2024-52023	Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.	R6400v2_firmware, R7000p_firmware, Xr300_firmware	N/A
2024-11-05	CVE-2024-52025	Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.	R6400v2_firmware, R7000p_firmware, Xr300_firmware	N/A