Netgear Wnr1000 Firmware vulnerabilities
35 known vulnerabilities affecting netgear/wnr1000_firmware.
Total CVEs
35
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH19MEDIUM12
Vulnerabilities
Page 2 of 2
CVE-2017-18784MEDIUMCVSS 6.1fixed in 1.1.0.442020-04-22
CVE-2017-18784 [MEDIUM] CWE-79 CVE-2017-18784: Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1
Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900
nvd
CVE-2017-18788MEDIUMCVSS 6.7fixed in 1.1.0.442020-04-22
CVE-2017-18788 [MEDIUM] CWE-74 CVE-2017-18788: Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D36
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0
nvd
CVE-2017-18778MEDIUMCVSS 5.5fixed in 1.1.0.442020-04-22
CVE-2017-18778 [MEDIUM] CWE-20 CVE-2017-18778: Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 befo
nvd
CVE-2017-18785MEDIUMCVSS 4.8fixed in 1.1.0.442020-04-22
CVE-2017-18785 [MEDIUM] CWE-79 CVE-2017-18785: Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.
Certain NETGEAR devices are affected by XSS. This affects D3600 before 1.0.0.67, D6000 before 1.0.0.67, D6100 before 1.0.0.56, D6200 before 1.1.00.24, D6220 before 1.0.0.32, D6400 before 1.0.0.66, D7000 before 1.0.1.52, D7000v2 before 1.0.0.44, D7800 before 1.0.1.30, D8500 before 1.0.3.35, DGN2200v4 before 1.0.0.96, DGN2200Bv4 before 1.0.0.96, EX2700
nvd
CVE-2017-18780MEDIUMCVSS 5.5fixed in 1.1.0.442020-04-22
CVE-2017-18780 [MEDIUM] CVE-2017-18780: Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.24, D700
Certain NETGEAR devices are affected by denial of service. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.1
nvd
CVE-2017-18783MEDIUMCVSS 6.1fixed in 1.1.0.442020-04-22
CVE-2017-18783 [MEDIUM] CWE-79 CVE-2017-18783: Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1
Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R680
nvd
CVE-2017-18763MEDIUMCVSS 6.5fixed in 1.1.0.422020-04-22
CVE-2017-18763 [MEDIUM] CWE-20 CVE-2017-18763: Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects J
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5
nvd
CVE-2017-18791HIGHCVSS 8.8fixed in 1.1.0.402020-04-21
CVE-2017-18791 [HIGH] CWE-352 CVE-2017-18791: Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 befor
Certain NETGEAR devices are affected by CSRF. This affects R6050/JR6150 before 1.0.1.7, PR2000 before 1.0.0.17, R6220 before 1.1.0.50, WNDR3700v5 before 1.1.0.48, JNR1010v2 before 1.1.0.40, JWNR2010v5 before 1.1.0.40, WNR1000v4 before 1.1.0.40, WNR2020 before 1.1.0.40, WNR2050 before 1.1.0.40, WNR614 before 1.1.0.40, WNR618 before 1.1.0.40, and D7000
nvd
CVE-2019-20738MEDIUMCVSS 5.4fixed in 1.1.0.502020-04-16
CVE-2019-20738 [MEDIUM] CVE-2019-20738: Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before
Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.58, D7800 before 1.0.1.34, JNR1010v2 before 1.1.0.50, JWNR2010v5 before 1.1.0.50, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, R6020 before 1.0.0.30, R6080 before 1.0.0.30, R6100 before 1.0.1.16, R6120 before 1.0.0.40, R6700v2 before 1.2.0.14, R6800 b
nvd
CVE-2019-20488CRITICALCVSS 9.8v1.1.0.542020-03-02
CVE-2019-20488 [CRITICAL] CWE-78 CVE-2019-20488: An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web manag
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the web management interface (setup.cgi) are vulnerable to command injection, allowing remote attackers to execute arbitrary commands, as demonstrated by shell metacharacters in the sysDNSHost parameter.
nvd
CVE-2019-20489CRITICALCVSS 9.8v1.1.0.542020-03-02
CVE-2019-20489 [CRITICAL] CWE-287 CVE-2019-20489: An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.c
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header
nvd
CVE-2019-20487HIGHCVSS 8.8v1.1.0.542020-03-02
CVE-2019-20487 [HIGH] CWE-352 CVE-2019-20487: An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple actions within the WNR1000V4 web management console are vulnerable to an unauthenticated GET request (exploitable directly or through CSRF), as demonstrated by the setup.cgi?todo=save_htp_account URI.
nvd
CVE-2019-20486MEDIUMCVSS 6.1v1.1.0.542020-03-02
CVE-2019-20486 [MEDIUM] CWE-79 CVE-2019-20486: An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_ind
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language.
nvd
CVE-2013-3316CRITICALCVSS 9.8fixed in 1.0.2.602020-01-29
CVE-2013-3316 [CRITICAL] CWE-287 CVE-2013-3316: Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".
nvd
CVE-2013-3317CRITICALCVSS 9.8fixed in 1.0.2.602020-01-29
CVE-2013-3317 [CRITICAL] CWE-287 CVE-2013-3317: Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak ke
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.
nvd
← Previous2 / 2