Certain NETGEAR devices allow unauthenticated access to critical .cgi and .htm pages via a substring ending with .jpg, such as by appending ?x=1.jpg to a URL. This affects MBR1515, MBR1516, DGN2200, DGN2200M, DGND3700, WNR2000v2, WNDR3300, WNDR3400, WNR3500, and WNR834Bv2.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| netgear | mbr1515_firmware | - | - |
| netgear | mbr1516_firmware | - | - |
| netgear | dgn2200_firmware | - |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10
Affected Products
2
References
netgear / mbr1515_firmware
| - |
| netgear | dgn2200m_firmware | - | - |
| netgear | dgnd3700_firmware | - | - |
| netgear | wnr2000v2_firmware | - | - |
| netgear | wndr3300_firmware | - | - |
| netgear | wndr3400_firmware | - | - |
| netgear | wnr3500_firmware | - | - |
| netgear | wnr834bv2_firmware | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact