Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for wndr4700_firmware by netgear

    CVE-2013-3074 (GCVE-0-2013-3074)

    Vulnerability from nvd – Published: 2020-01-28 20:07 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/59303 vdb-entryx_refsource_BID
    Date Public
    2013-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.431Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "59303",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/59303"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-28T20:07:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "59303",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/59303"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "59303",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/59303"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3074",
        "datePublished": "2020-01-28T20:07:50.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.431Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3071 (GCVE-0-2013-3071)

    Vulnerability from nvd – Published: 2020-01-28 20:03 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/59406 vdb-entryx_refsource_BID
    Date Public
    2013-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "59406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/59406"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-28T20:03:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "59406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/59406"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3071",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "59406",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/59406"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3071",
        "datePublished": "2020-01-28T20:03:19.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3072 (GCVE-0-2013-3072)

    Vulnerability from nvd – Published: 2019-11-14 18:11 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/soho_service_hacks/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://\u003crouter_ip\u003e/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T18:11:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/soho_service_hacks/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://\u003crouter_ip\u003e/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
                },
                {
                  "name": "https://www.ise.io/soho_service_hacks/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/soho_service_hacks/"
                },
                {
                  "name": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52",
                  "refsource": "CONFIRM",
                  "url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
                },
                {
                  "name": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3072",
        "datePublished": "2019-11-14T18:11:10.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3070 (GCVE-0-2013-3070)

    Vulnerability from nvd – Published: 2019-11-14 18:42 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/soho_service_hacks/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/59308"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T18:42:39.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/soho_service_hacks/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securityfocus.com/bid/59308"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
                },
                {
                  "name": "https://www.ise.io/soho_service_hacks/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/soho_service_hacks/"
                },
                {
                  "name": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
                },
                {
                  "name": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only",
                  "refsource": "CONFIRM",
                  "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
                },
                {
                  "name": "https://www.securityfocus.com/bid/59308",
                  "refsource": "MISC",
                  "url": "https://www.securityfocus.com/bid/59308"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3070",
        "datePublished": "2019-11-14T18:42:39.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3073 (GCVE-0-2013-3073)

    Vulnerability from nvd – Published: 2019-11-14 17:47 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.828Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/soho_service_hacks/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.8471"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/59307"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T17:55:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/soho_service_hacks/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.8471"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securityfocus.com/bid/59307"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
                },
                {
                  "name": "https://www.ise.io/soho_service_hacks/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/soho_service_hacks/"
                },
                {
                  "name": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
                },
                {
                  "name": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only",
                  "refsource": "CONFIRM",
                  "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
                },
                {
                  "name": "https://vuldb.com/?id.8471",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.8471"
                },
                {
                  "name": "https://www.securityfocus.com/bid/59307",
                  "refsource": "MISC",
                  "url": "https://www.securityfocus.com/bid/59307"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3073",
        "datePublished": "2019-11-14T17:47:51.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-10174 (GCVE-0-2016-10174)

    Vulnerability from nvd – Published: 2017-01-30 04:24 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Date Public
    2017-01-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:14:42.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Dec/72"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
              },
              {
                "name": "95867",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95867"
              },
              {
                "name": "41719",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41719/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
              },
              {
                "name": "40949",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40949/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-10174",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T21:00:58.307508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10174"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:46.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10174"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-25T00:00:00.000Z",
                "value": "CVE-2016-10174 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-02T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Dec/72"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
            },
            {
              "name": "95867",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95867"
            },
            {
              "name": "41719",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41719/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
            },
            {
              "name": "40949",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40949/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-10174",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://seclists.org/fulldisclosure/2016/Dec/72",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Dec/72"
                },
                {
                  "name": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt",
                  "refsource": "MISC",
                  "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
                },
                {
                  "name": "95867",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95867"
                },
                {
                  "name": "41719",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41719/"
                },
                {
                  "name": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability",
                  "refsource": "MISC",
                  "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
                },
                {
                  "name": "40949",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/40949/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-10174",
        "datePublished": "2017-01-30T04:24:00.000Z",
        "dateReserved": "2017-01-29T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:46.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3069 (GCVE-0-2013-3069)

    Vulnerability from nvd – Published: 2014-04-25 17:00 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityevaluators.com/knowledge/case_stud… x_refsource_MISC
    http://osvdb.org/92557 vdb-entryx_refsource_OSVDB
    Date Public
    2013-04-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:10.066Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
              },
              {
                "name": "92557",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/92557"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-25T16:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
            },
            {
              "name": "92557",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/92557"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3069",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf",
                  "refsource": "MISC",
                  "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
                },
                {
                  "name": "92557",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/92557"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3069",
        "datePublished": "2014-04-25T17:00:00.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:10.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3074 (GCVE-0-2013-3074)

    Vulnerability from cvelistv5 – Published: 2020-01-28 20:07 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/59303 vdb-entryx_refsource_BID
    Date Public
    2013-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.431Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "59303",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/59303"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-28T20:07:50.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "59303",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/59303"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3074",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow remote attackers to cause a denial of service (device crash)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "59303",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/59303"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3074",
        "datePublished": "2020-01-28T20:07:50.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.431Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3071 (GCVE-0-2013-3071)

    Vulnerability from cvelistv5 – Published: 2020-01-28 20:03 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.securityfocus.com/bid/59406 vdb-entryx_refsource_BID
    Date Public
    2013-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "59406",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/59406"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-28T20:03:19.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "59406",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/59406"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3071",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "59406",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/59406"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3071",
        "datePublished": "2020-01-28T20:03:19.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3070 (GCVE-0-2013-3070)

    Vulnerability from cvelistv5 – Published: 2019-11-14 18:42 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/soho_service_hacks/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/59308"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T18:42:39.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/soho_service_hacks/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securityfocus.com/bid/59308"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3070",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Information Disclosure vulnerability exists in Netgear WNDR4700 running firmware 1.0.0.34 in the management web interface, which discloses the PSK of the wireless LAN."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
                },
                {
                  "name": "https://www.ise.io/soho_service_hacks/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/soho_service_hacks/"
                },
                {
                  "name": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
                },
                {
                  "name": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only",
                  "refsource": "CONFIRM",
                  "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
                },
                {
                  "name": "https://www.securityfocus.com/bid/59308",
                  "refsource": "MISC",
                  "url": "https://www.securityfocus.com/bid/59308"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3070",
        "datePublished": "2019-11-14T18:42:39.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3072 (GCVE-0-2013-3072)

    Vulnerability from cvelistv5 – Published: 2019-11-14 18:11 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.274Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/soho_service_hacks/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://\u003crouter_ip\u003e/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T18:11:10.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/soho_service_hacks/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3072",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://\u003crouter_ip\u003e/apply.cgi?/hdd_usr_setup.htm that when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
                },
                {
                  "name": "https://www.ise.io/soho_service_hacks/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/soho_service_hacks/"
                },
                {
                  "name": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52",
                  "refsource": "CONFIRM",
                  "url": "https://kb.netgear.com/23728/WNDR4700-Firmware-Version-1-0-0-52"
                },
                {
                  "name": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/research/studies-and-papers/netgear_wndr4700/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3072",
        "datePublished": "2019-11-14T18:11:10.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.274Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3073 (GCVE-0-2013-3073)

    Vulnerability from cvelistv5 – Published: 2019-11-14 17:47 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:09.828Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/soho_service_hacks/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.8471"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/59307"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T17:55:17.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/soho_service_hacks/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://vuldb.com/?id.8471"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.securityfocus.com/bid/59307"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3073",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.ise.io/casestudies/exploiting-soho-routers/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
                },
                {
                  "name": "https://www.ise.io/soho_service_hacks/",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/soho_service_hacks/"
                },
                {
                  "name": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf",
                  "refsource": "MISC",
                  "url": "https://www.ise.io/wp-content/uploads/2017/07/soho_techreport.pdf"
                },
                {
                  "name": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only",
                  "refsource": "CONFIRM",
                  "url": "https://kb.netgear.com/24413/WNDR3700v4-Firmware-Version-1-0-1-52-Except-China-and-Russia-Only"
                },
                {
                  "name": "https://vuldb.com/?id.8471",
                  "refsource": "MISC",
                  "url": "https://vuldb.com/?id.8471"
                },
                {
                  "name": "https://www.securityfocus.com/bid/59307",
                  "refsource": "MISC",
                  "url": "https://www.securityfocus.com/bid/59307"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3073",
        "datePublished": "2019-11-14T17:47:51.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:09.828Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-10174 (GCVE-0-2016-10174)

    Vulnerability from cvelistv5 – Published: 2017-01-30 04:24 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Date Public
    2017-01-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T03:14:42.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/Dec/72"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
              },
              {
                "name": "95867",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/95867"
              },
              {
                "name": "41719",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41719/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
              },
              {
                "name": "40949",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/40949/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-10174",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T21:00:58.307508Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-03-25",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10174"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:46.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-10174"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-03-25T00:00:00.000Z",
                "value": "CVE-2016-10174 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-01-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-02T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/Dec/72"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
            },
            {
              "name": "95867",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/95867"
            },
            {
              "name": "41719",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41719/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
            },
            {
              "name": "40949",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/40949/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-10174",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://seclists.org/fulldisclosure/2016/Dec/72",
                  "refsource": "MISC",
                  "url": "http://seclists.org/fulldisclosure/2016/Dec/72"
                },
                {
                  "name": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt",
                  "refsource": "MISC",
                  "url": "https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt"
                },
                {
                  "name": "95867",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/95867"
                },
                {
                  "name": "41719",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41719/"
                },
                {
                  "name": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability",
                  "refsource": "MISC",
                  "url": "http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability"
                },
                {
                  "name": "40949",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/40949/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-10174",
        "datePublished": "2017-01-30T04:24:00.000Z",
        "dateReserved": "2017-01-29T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:46.735Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3069 (GCVE-0-2013-3069)

    Vulnerability from cvelistv5 – Published: 2014-04-25 17:00 – Updated: 2024-08-06 16:00
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityevaluators.com/knowledge/case_stud… x_refsource_MISC
    http://osvdb.org/92557 vdb-entryx_refsource_OSVDB
    Date Public
    2013-04-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:00:10.066Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
              },
              {
                "name": "92557",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/92557"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-04-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-25T16:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
            },
            {
              "name": "92557",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/92557"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-3069",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf",
                  "refsource": "MISC",
                  "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"
                },
                {
                  "name": "92557",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/92557"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-3069",
        "datePublished": "2014-04-25T17:00:00.000Z",
        "dateReserved": "2013-04-15T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:00:10.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }