Netgear Networking products
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Netgear product.
RSS Feeds for Netgear security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Netgear products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Netgear Sorted by Most Security Vulnerabilities since 2018
Known Exploited Netgear Vulnerabilities
The following Netgear vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability |
Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server. CVE-2017-5521 Exploit Probability: 89.3% |
September 8, 2022 |
| NETGEAR Multiple Devices Buffer Overflow Vulnerability |
Multiple NETGEAR devices contain a buffer overflow vulnerability that allow for authentication bypass and remote code execution. CVE-2017-6862 Exploit Probability: 42.7% |
June 8, 2022 |
| NETGEAR DGN2200 Devices OS Command Injection Vulnerability |
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands CVE-2017-6334 Exploit Probability: 72.2% |
March 25, 2022 |
| NETGEAR Multiple WAP Devices Command Injection Vulnerability |
Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution. CVE-2016-1555 Exploit Probability: 98.3% |
March 25, 2022 |
| NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability |
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution. CVE-2016-10174 Exploit Probability: 83.5% |
March 25, 2022 |
| NETGEAR DGN2200 Remote Code Execution Vulnerability |
NETGEAR DGN2200 wireless routers contain a vulnerability which allows for remote code execution. CVE-2017-6077 Exploit Probability: 68.2% |
March 7, 2022 |
| NETGEAR Multiple Routers Remote Code Execution Vulnerability |
NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution. CVE-2016-6277 Exploit Probability: 99.8% |
March 7, 2022 |
| Netgear ProSAFE Plus JGS516PE Remote Code Execution vulnerability |
NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. CVE-2020-26919 Exploit Probability: 57.2% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 6 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 2 known exploited Netgear vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 24 vulnerabilities in Netgear. Last year, in 2025 Netgear had 62 security vulnerabilities published. Right now, Netgear is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 24 | 0.00 |
| 2025 | 62 | 9.21 |
| 2024 | 85 | 8.04 |
| 2023 | 10 | 8.73 |
| 2022 | 25 | 8.96 |
| 2021 | 6 | 8.22 |
| 2020 | 16 | 9.80 |
| 2019 | 1 | 0.00 |
It may take a day or so for new Netgear vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Netgear Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-0420 | Jun 09, 2026 |
Netgear ReadyCloud TLS Cert Validation Bypass MiTM AttacksAn improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models. |
|
| CVE-2026-9212 | Jun 09, 2026 |
NETGEAR Router Local Network Auth Bypass & Command ExecInsufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations. |
|
| CVE-2026-0415 | Jun 09, 2026 |
NETGEAR Router Firmware Input Validation Flaw Enables Admin ModificationsInsufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
Rbr750
Rbr840
Rbr850
And others... |
| CVE-2026-0411 | Jun 09, 2026 |
NETGEAR Orbi Satellites Info Disclosure: Remote Admin GainsAn information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue. |
Rbe970
|
| CVE-2026-0414 | Jun 09, 2026 |
NETGEAR Router Input Validation Flaw Allows Admin RCE (CVE-2026-0414)Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
Rbe970
|
| CVE-2026-0413 | Jun 09, 2026 |
NETGEAR Router Insufficient Buffer Input Validation (CVE-2026-0413)A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
Rbr750
Rbr840
Rbr850
And others... |
| CVE-2026-0418 | Jun 09, 2026 |
NETGEAR ConfigMgmt Flaw Enables Local Admin TamperingInsufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system. |
Rbr750
Rbr840
Rbr850
And others... |
| CVE-2026-0417 | Jun 09, 2026 |
INSUFFICIENT INPUT VALIDATION IN NETGEAR ROUTER ALLOWS AUTH ADM TAMPERINGInsufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity. |
|
| CVE-2026-9210 | Jun 09, 2026 |
NETGEAR Router Firmware: Authenticated Admin Input Validation ExploitInsufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. |
Ex3700
Ex3800
Ex6120
And others... |
| CVE-2026-9211 | Jun 09, 2026 |
Netgear Router: Local Network Control (Unauthenticated)An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. |
|
| CVE-2026-0416 | Jun 09, 2026 |
Netgear Router Functionality Modification via Admin Interface (CVE-2026-0416)An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality. |
Raxe450
Raxe500
|
| CVE-2026-9213 | Jun 09, 2026 |
NETGEAR Gaming Router RCE via Traffic InterceptionA vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device. |
Raxe500
|
| CVE-2026-3088 | Jun 09, 2026 |
Netgear Router DoS via Unauthenticated Local Network RequestUnauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests. |
Rbr860
Rbre950
Rbre960
And others... |
| CVE-2026-0419 | Jun 09, 2026 |
NETGEAR JR6150 IoT Router OS Command InjectionInsufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are planned. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware. |
|
| CVE-2026-0412 | Jun 09, 2026 |
Insufficient Input Validation in NETGEAR JR6150 Router Firmware CVE-2026-0412Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware. |
|
| CVE-2026-0410 | Jun 09, 2026 |
Netgear Router Admin Auth Escalation via Local NetAuthenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality. |
|
| CVE-2026-0409 | Jun 09, 2026 |
Netgear Orbi 370 router <=V12.1.2.7 RCE via traffic tamperingA NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7. |
|
| CVE-2026-24714 | Jan 30, 2026 |
NETGEAR Router Telnet Enable Vulnerability (Magic Packet)Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. |
|
| CVE-2026-0404 | Jan 13, 2026 |
Insufficient Input Validation in NETGEAR Orbi DHCPv6 Allows OS InjectionAn insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default. |
Rbre960
Rbse960
Rbr850
And others... |
| CVE-2026-0408 | Jan 13, 2026 |
NETGEAR WiFi Range Extender Path Traversal Exposes CredentialsA path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI. |
Ex5000
Ex3110
Ex6110
And others... |
| CVE-2026-0407 | Jan 13, 2026 |
Insufficient Auth CVE-2026-0407 in NETGEAR WiFi ExtenderAn insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel. |
Ex5000
Ex3110
Ex6110
And others... |
| CVE-2026-0406 | Jan 13, 2026 |
Netgear XR1000v2 LAN OS Command InjectionAn insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections. |
Xr1000v2
|
| CVE-2026-0405 | Jan 13, 2026 |
Auth Bypass in NETGEAR Orbi LAN AccessAn authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin. |
Rbe970
Rbe971
Cbr750
And others... |
| CVE-2026-0403 | Jan 13, 2026 |
Insufficient Input Validation OS Command Injection in NETGEAR Orbi Router (LAN)An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections. |
Rbr750
Rbs750
Rbre960
And others... |
| CVE-2025-12946 | Dec 09, 2025 |
NETGEAR Nighthawk Speedtest DNS-MITM (RS7001.0.7.82, RAXV1.1.6.36)A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46;RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36. |
Rs700
Rax54sv2
Rax41v2
And others... |
| CVE-2025-12945 | Dec 09, 2025 |
NETGEAR Nighthawk R7000P 1.3.3.154 Auth cmd injectionA vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154. |
R7000p
|
| CVE-2025-12941 | Dec 09, 2025 |
NETGEARC 6220/6230 DOCSIS 3.0 Router DoS: Authenticated WiFi Users Can RebootDenial of Service Vulnerability in NETGEARC6220andC6230(DOCSIS® 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router. |
C6220
C6230
|
| CVE-2025-12944 | Nov 11, 2025 |
NETGEAR DGN2200v4 RCE via Improper Input Validation (FW <1.0.0.132)Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed in: DGN2200v4 firmware 1.0.0.132 or later |
Dgn2200v4
|
| CVE-2025-12943 | Nov 11, 2025 |
NETGEAR RAX30/RAXE300 Improper Cert Validation in Firmware Update logicImproper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later |
Rax30
Raxe300
|
| CVE-2025-12942 | Nov 11, 2025 |
NETGEAR R6260/R6850 DNS MiTM via Improper Input Validation before 1.1.0.86Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86. |
R6260
R6850
|
| CVE-2025-12940 | Nov 11, 2025 |
NETGEAR WAX610/WAX610Y Credential Logging via Syslog (10.8.11.4)Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials. This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4. Devices managed with Insight get automatic updates. If not, please check the firmware version and update to the latest. Fixed in: WAX610 firmware 11.8.0.10 or later. WAX610Y firmware 11.8.0.10 or later. |
Wax610
Wax610y
|
| CVE-2013-10063 | Aug 01, 2025 |
Netgear SPH200D Path Traversal <=1.0.4.80A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting traversal sequences. This can expose sensitive system files and configuration data. |
Sph200d
|
| CVE-2013-10061 | Aug 01, 2025 |
Netgear DGN1000B OS Command Injection via TimeToLive (v1.1.00.24-45)An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication. |
Dgn1000v3 Firmware
|
| CVE-2013-10060 | Aug 01, 2025 |
Netgear DGN2200B Router RCE via pppoe.cgi command injection (<=1.0.0.36)An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored. |
Dgn2200b Firmware
|
| CVE-2025-44658 | Jul 21, 2025 |
Netgear RAX30 v1.0.10.94 PHP-FPM RCE via alternate extensionsIn Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise. |
Rax30 Firmware
|
| CVE-2025-52082 | Jul 15, 2025 |
Netgear XR300 V1.0.3.38 stack buffer overflow in usb_device.cgi via POSTIn Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter. |
Xr300 Firmware
|
| CVE-2025-52081 | Jul 15, 2025 |
Stack Buffer Overflow in Netgear XR300 V1.0.3.38_10.3.30 via usb_device.cgiIn Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter. |
Xr300 Firmware
|
| CVE-2025-52080 | Jul 15, 2025 |
Netgear XR300 V1.0.3.38_10.3.30: HTTPD stack overflow via usb_device.cgiIn Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter. |
Xr300 Firmware
|
| CVE-2025-7407 | Jul 10, 2025 |
Netgear D6400 OS Command Injection via diag.cgi (v1.0.0.114)A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early and confirmed the existence of the vulnerability. They reacted very quickly, professional and kind. This vulnerability only affects products that are no longer supported by the maintainer. |
D6400 Firmware
|
| CVE-2025-6511 | Jun 23, 2025 |
Netgear EX6150 1.0.0.46_1.0.76: Remote Stack Buffer Overflow in sub_410090A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
Ex6150 Firmware
|
| CVE-2025-6510 | Jun 23, 2025 |
Netgear EX6100 1.0.2.28_1.1.138 stk buf overflow in sub_415EF8 (critical)A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
Ex6100 Firmware
|
| CVE-2025-5934 | Jun 10, 2025 |
Netgear EX3700 stack-based buffer overflow CVE-2025-5934 fixed in 1.0.0.98A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.0.98 is able to address this issue. It is recommended to upgrade the affected component. This vulnerability only affects products that are no longer supported by the maintainer. |
Ex3700 Firmware
|
| CVE-2025-5495 | Jun 03, 2025 |
Netgear WNR614 1.1.0.28_1.0.1WW URL Handler auth bypassA vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This issue appears to have been circulating as an 0day since 2024. |
Wnr614 Firmware
|
| CVE-2025-4980 | May 20, 2025 |
Netgear DGND3700 1.1.00.15_1.00.15NA Remote Info Disclosure via mini_httpA vulnerability has been found in Netgear DGND3700 1.1.00.15_1.00.15NA and classified as problematic. This vulnerability affects unknown code of the file /currentsetting.htm of the component mini_http. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. |
Dgnd3700 Firmware
|
| CVE-2025-4978 | May 20, 2025 |
Netgear DGND3700 1.1.00.15_1.00.15NA: Basic Auth Improper Auth RemoteA vulnerability, which was classified as very critical, was found in Netgear DGND3700 1.1.00.15_1.00.15NA. This affects an unknown part of the file /BRS_top.html of the component Basic Authentication. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. |
Dgnd3700 Firmware
|
| CVE-2025-4977 | May 20, 2025 |
Netgear DGND3700 1.1.00.15_1.00.15NA BRS_top.html Info Disclosure RemoteA vulnerability, which was classified as problematic, has been found in Netgear DGND3700 1.1.00.15_1.00.15NA. Affected by this issue is some unknown functionality of the file /BRS_top.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other products might be affected as well. The vendor was contacted early about this disclosure. |
Dgnd3700 Firmware
|
| CVE-2025-45492 | May 06, 2025 |
Netgear EX8000 V1.0.0.126 - Command Injection via action_wireless Iface parameterNetgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. |
Ex8000 Firmware
|
| CVE-2024-57229 | May 05, 2025 |
NETGEAR RAX5 AX1600 WiFi Router V1.0.2.26 Cmd Inject via devnameNETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. |
Rax50 Firmware
|
| CVE-2024-57230 | May 05, 2025 |
NETGEAR RAX5 Command Injection in apcli_do_enr_pin_wps (v1.0.2.26)NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. |
Rax50 Firmware
|
| CVE-2024-57231 | May 05, 2025 |
NETGEAR RAX5 CMD INJ via ifname param before v1.0.2.26NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. |
Rax50 Firmware
|