NETGEAR — Vulnerabilities & Security Advisories 194

Browse all 194 CVE security advisories affecting NETGEAR. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NETGEAR manufactures networking hardware, primarily consumer and small business routers, switches, and wireless access points. The company’s extensive vulnerability record, comprising 177 Common Vulnerabilities and Exposures (CVEs), highlights systemic security weaknesses in its embedded firmware. Historically, the most prevalent flaw classes include remote code execution (RCE), which allows attackers to gain full control over devices, and cross-site scripting (XSS) within web management interfaces. Privilege escalation and buffer overflow vulnerabilities are also common, often stemming from insufficient input validation and hardcoded credentials. These defects have facilitated large-scale botnet recruitment and unauthorized network access. While NETGEAR has implemented security response protocols, the high volume of disclosed issues reflects ongoing challenges in securing resource-constrained IoT devices. The persistent presence of critical flaws underscores the difficulty of maintaining robust security standards across a vast portfolio of consumer networking equipment.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-38101	NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-749	8.8	-	2024-05-03
CVE-2023-38100	NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability — ProSAFE Network Management SystemCWE-89	8.8	-	2024-05-03
CVE-2023-38099	NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-89	8.8	-	2024-05-03
CVE-2023-38098	NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-434	8.8	-	2024-05-03
CVE-2023-38097	NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-749	8.8	-	2024-05-03
CVE-2023-38096	NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability — ProSAFE Network Management SystemCWE-287	9.8	-	2024-05-03
CVE-2023-38095	NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability — ProSAFE Network Management SystemCWE-434	8.8	-	2024-05-03
CVE-2023-35722	NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability — RAX30CWE-78	8.8	-	2024-05-03
CVE-2023-35721	NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability — Multiple RoutersCWE-295	8.8	-	2024-05-03
CVE-2023-34284	NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability — RAX30CWE-798	8.8	-	2024-05-03
CVE-2023-34285	NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability — RAX30CWE-121	8.8	-	2024-05-03
CVE-2023-34283	NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability — RAX30CWE-59	4.6	-	2024-05-03
CVE-2023-27370	NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability — RAX30CWE-312	5.7	-	2024-05-03
CVE-2023-27369	NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability — RAX30CWE-121	8.8	-	2024-05-03
CVE-2023-27368	NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability — RAX30CWE-121	8.8^AI	High^AI	2024-05-03
CVE-2023-27367	NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability — RAX30CWE-78	8.0	-	2024-05-03
CVE-2023-27361	NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability — RAX30CWE-121	8.0	-	2024-05-03
CVE-2023-27360	NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability — RAX30CWE-345	8.8	-	2024-05-03
CVE-2023-27358	NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability — RAX30CWE-89	8.8	-	2024-05-03
CVE-2023-27357	NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability — RAX30CWE-306	6.5	-	2024-05-03
CVE-2023-27356	NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability — RAX30CWE-78	8.0	-	2024-05-03
CVE-2024-4235	Netgear DG834Gv5 Web Management Interface cleartext storage — DG834Gv5CWE-312	2.7	Low	2024-04-26
CVE-2023-48725	NETGEAR RAX30 安全漏洞 — RAX30CWE-121	7.2	High	2024-03-07
CVE-2024-1431	Netgear R7000 Web Management Interface debuginfo.htm information disclosure — R7000CWE-200	4.3	Medium	2024-02-11
CVE-2024-1430	Netgear R7000 Web Management Interface currentsetting.htm information disclosure — R7000CWE-200	4.3	Medium	2024-02-11
CVE-2023-49694	NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server — NETGEAR ProSAFE Network Management SystemCWE-284	7.8	High	2023-11-29
CVE-2023-49693	NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol — NETGEAR ProSAFE Network Management SystemCWE-306	9.8	Critical	2023-11-29
CVE-2023-2396	Netgear SRX5308 Web Management Interface cross site scripting — SRX5308CWE-79	4.3	Medium	2023-04-28
CVE-2023-2395	Netgear SRX5308 Web Management Interface cross site scripting — SRX5308CWE-79	4.3	Medium	2023-04-28
CVE-2023-2394	Netgear SRX5308 Web Management Interface cross site scripting — SRX5308CWE-79	2.4	Low	2023-04-28

This page lists every published CVE security advisory associated with NETGEAR. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

NETGEAR — Vulnerabilities & Security Advisories 194