VARIoT IoT vulnerabilities database

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted POST request. R8500 firmware, XR300 firmware, R7000P A classic buffer overflow vulnerability exists in multiple Netgear products, including firmware.Service operation interruption (DoS) It may be in a state

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. R8500 firmware, XR300 firmware, R7000P A classic buffer overflow vulnerability exists in multiple Netgear products, including firmware.Service operation interruption (DoS) It may be in a state

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. R8500 firmware, XR300 firmware, R7000P A classic buffer overflow vulnerability exists in multiple Netgear products, including firmware.Service operation interruption (DoS) It may be in a state

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. R8500 firmware, XR300 firmware, R7000P A classic buffer overflow vulnerability exists in multiple Netgear products, including firmware.Service operation interruption (DoS) It may be in a state

D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. D-Link Systems, Inc. of DIR-823G The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-823G is a wireless router from D-Link, a Chinese company

D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. D-Link Systems, Inc. of DIR-823G The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-823G is a wireless router from D-Link, a Chinese company

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear XR300 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR XR300 is a wireless router from NETGEAR. The vulnerability is caused by the ssid parameter in the bridge_wireless_main.cgi component failing to properly verify the length of the input data

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. of netgear XR300 firmware, R7000P firmware, R6400v2 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R7000P Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the apn parameter in the usbISP_detail_edit.cgi component failing to properly verify the length of the input data

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R7000P Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the pppoe_localnetmask parameter in the pppoe.cgi component failing to properly verify the length of the input data

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R7000P Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the pptp_user_netmask parameter in the pptp.cgi component failing to properly verify the length of the input data

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R7000P Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the l2tp_user_netmask parameter in the l2tp.cgi component failing to properly verify the length of the input data

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear XR300 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR XR300 is a wireless router from NETGEAR. The vulnerability is caused by the addName%d parameter in the usb_approve.cgi component failing to properly verify the length of the input data

Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. of netgear R7000P Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the device_name2 parameter in the operation_mode.cgi component failing to properly filter special characters and commands in the constructed command

Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear XR300 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR XR300 is a wireless router from NETGEAR. NETGEAR XR300 v1.0.3.78 has a security vulnerability. The vulnerability is caused by a buffer overflow vulnerability in the ssid_an parameter in the bridge_wireless_main.cgi component

Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R7000P Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R7000P is a wireless router from NETGEAR. The vulnerability is caused by the RADIUSAddr%d_wla parameter in the wireless.cgi component failing to properly verify the length of the input data

Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear R8500 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the failure of the ipv6_pri_dns parameter in the ipv6_fix.cgi component to properly verify the length of the input data

Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 was discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. of netgear XR300 firmware, R7000P firmware, R6400v2 Firmware has a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. R8500 firmware, XR300 firmware, R7000P For multiple Netgear products such as firmware, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. (DoS) It may be in a state. NETGEAR R8500 is a wireless router from NETGEAR. The vulnerability is caused by the wan_gateway parameter in the ether.cgi component failing to properly filter special characters and commands in constructing commands