NETGEAR — Vulnerabilities & Security Advisories 194

Browse all 194 CVE security advisories affecting NETGEAR. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NETGEAR manufactures networking hardware, primarily consumer and small business routers, switches, and wireless access points. The company’s extensive vulnerability record, comprising 177 Common Vulnerabilities and Exposures (CVEs), highlights systemic security weaknesses in its embedded firmware. Historically, the most prevalent flaw classes include remote code execution (RCE), which allows attackers to gain full control over devices, and cross-site scripting (XSS) within web management interfaces. Privilege escalation and buffer overflow vulnerabilities are also common, often stemming from insufficient input validation and hardcoded credentials. These defects have facilitated large-scale botnet recruitment and unauthorized network access. While NETGEAR has implemented security response protocols, the high volume of disclosed issues reflects ongoing challenges in securing resource-constrained IoT devices. The persistent presence of critical flaws underscores the difficulty of maintaining robust security standards across a vast portfolio of consumer networking equipment.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-4114	Netgear JWNR2000v2 check_language_file buffer overflow — JWNR2000v2CWE-120	8.8	High	2025-04-30
CVE-2025-25246	NETGEAR XR1000和NETGEAR XR500 安全漏洞 — XR1000CWE-94	8.1	High	2025-02-05
CVE-2024-23690	EOL Netgear FVS336v3 Telnet Configuration Backup Command Injection — FVS336Gv3CWE-78	7.2	High	2025-02-04
CVE-2024-12847	NETGEAR DGN setup.cgi OS Command Injection — DGN1000CWE-78	9.8	Critical	2025-01-10
CVE-2024-12988	Netgear R6900P/R7000P HTTP Header sub_16C4C buffer overflow — R6900PCWE-120	7.3	High	2024-12-27
CVE-2024-12147	Netgear R6900 HTTP Header upgrade_check.cgi buffer overflow — R6900CWE-120	6.5	Medium	2024-12-04
CVE-2023-51635	NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability — RAX30CWE-121	8.8	-	2024-11-22
CVE-2023-51634	NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability — RAX30CWE-295	8.8	-	2024-11-22
CVE-2024-6814	NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-89	8.8^AI	High^AI	2024-08-21
CVE-2024-6813	NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-89	8.8^AI	High^AI	2024-08-21
CVE-2024-7153	Netgear WN604 siteSurvey.php direct request — WN604CWE-425	5.3	Medium	2024-07-27
CVE-2024-6646	Netgear WN604 Web Interface downloadFile.php information disclosure — WN604CWE-200	5.3	Medium	2024-07-10
CVE-2024-5505	NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-22	8.8^AI	High^AI	2024-06-06
CVE-2024-5247	NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-434	8.8^AI	High^AI	2024-05-23
CVE-2024-5246	NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-1395	8.8^AI	High^AI	2024-05-23
CVE-2024-5245	NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability — ProSAFE Network Management SystemCWE-1392	7.8^AI	High^AI	2024-05-23
CVE-2022-43654	NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability — CAX30SCWE-78	8.8^AI	High^AI	2024-05-07
CVE-2021-34983	NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability — Multiple RoutersCWE-306	6.5	-	2024-05-07
CVE-2021-34982	NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability — Multiple RoutersCWE-121	8.8	-	2024-05-07
CVE-2021-34947	NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability — R7800CWE-787	8.8	-	2024-05-07
CVE-2023-50231	NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability — ProSAFE Network Management SystemCWE-79	6.1	-	2024-05-03
CVE-2023-44450	NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-89	8.8	-	2024-05-03
CVE-2023-44449	NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability — ProSAFE Network Management SystemCWE-89	8.8	-	2024-05-03
CVE-2023-44445	NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability — CAX30CWE-121	8.8	-	2024-05-03
CVE-2023-41183	NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability — Orbi 760CWE-306	8.8	-	2024-05-03
CVE-2023-41182	NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-22	8.8	-	2024-05-03
CVE-2023-40480	NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability — RAX30CWE-78	8.8	-	2024-05-03
CVE-2023-40478	NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability — RAX30CWE-121	8.0	-	2024-05-03
CVE-2023-40479	NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability — RAX30CWE-78	8.8	-	2024-05-03
CVE-2023-38102	NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability — ProSAFE Network Management SystemCWE-862	9.8	-	2024-05-03

This page lists every published CVE security advisory associated with NETGEAR. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

NETGEAR — Vulnerabilities & Security Advisories 194