Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber
Primary rating from Vendor (NETGEAR) · only source for this CVE.
CVSS VectorVendor: NETGEAR
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber
Lifecycle Timeline
3DescriptionCVE.org
Authenticated administrators connected to the local network can modify router functionality beyond what is intended through the standard management interface.
AnalysisAI
Improper input validation in NETGEAR RAXE450 and RAXE500 routers (firmware prior to V1.2.14.114) allows authenticated administrators on the local network to manipulate router functionality beyond the intended operational boundaries of the standard management interface. The vulnerability carries a CVSS 4.0 score of 4.3 (Medium), constrained by adjacent-network-only access and a high-privilege prerequisite. No public exploit has been identified and no active exploitation is reported (E:U); a vendor-released patch is available.
Technical ContextAI
The root cause is CWE-20 (Improper Input Validation), meaning the router's management interface firmware fails to adequately validate, sanitize, or constrain input submitted by authenticated administrator sessions. Affected hardware is confirmed via CPE strings cpe:2.3:a:netgear:raxe450 and cpe:2.3:a:netgear:raxe500, covering NETGEAR's tri-band Wi-Fi 6E RAXE450 and RAXE500 consumer and prosumer routers. The management interface - the standard administrative control plane - does not enforce sufficient authorization or input boundaries even for fully privileged accounts, allowing operations that exceed the designed functional scope of that interface. This suggests the firmware lacks server-side enforcement of what administrative operations are permissible, implying the access control boundary is determined by the client rather than validated on the device itself.
RemediationAI
Upgrade firmware on affected NETGEAR RAXE500 and RAXE450 routers to version V1.2.14.114 or later, available directly from NETGEAR's support pages at https://www.netgear.com/support/product/raxe500/ and https://www.netgear.com/support/product/raxe450/. This is a vendor-released patch confirmed by NETGEAR's own advisory references. As compensating controls prior to patching, restrict access to the router's management interface by placing it on a dedicated management VLAN accessible only to authorized administrative hosts - this directly limits the adjacent-network attack surface. Disabling remote management if it is enabled reduces exposure but does not eliminate the vulnerability since AV:A already implies local network access is required. Enforcing strong, unique administrator credentials reduces the likelihood of the required PR:H prerequisite being met, though this does not patch the underlying input validation flaw. Note that VLAN segmentation of the management interface may interrupt workflows where administrators manage the device from general-use network segments.
A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requ
Insufficient input validation across 30+ NETGEAR router, range extender, and mesh networking models enables local networ
Integrity tampering in NETGEAR router and mesh network firmware allows authenticated administrators on the local network
System integrity tampering across a broad portfolio of NETGEAR home and small-business networking devices allows authent
Integrity controls on multiple NETGEAR router firmware lines can be subverted by authenticated administrators on the loc
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35457
GHSA-hwrm-xj23-7cff