Skip to main content

NETGEAR ReadyCloud EUVDEUVD-2026-35467

| CVE-2026-0420 MEDIUM
Missing Cryptographic Step (CWE-325)
2026-06-09 NETGEAR GHSA-vww4-r7gr-9xvq
4.6
CVSS 4.0 · Vendor: NETGEAR
Share

Severity by source

Vendor (NETGEAR) PRIMARY
4.6 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (NETGEAR) · only source for this CVE.

CVSS VectorVendor: NETGEAR

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 20:05 vuln.today
CVSS changed
Jun 09, 2026 - 17:22 NVD
4.6 (MEDIUM)
CVE Published
Jun 09, 2026 - 15:50 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

An improper implementation of TLS certificate validation vulnerability found in ReadyCloud client app which can allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting product's confidentiality. This vulnerability affects the listed NETGEAR models.

AnalysisAI

TLS certificate validation failure in the ReadyCloud client app on multiple NETGEAR router models exposes confidential data to network interception. The app does not properly validate TLS certificates (CWE-325), enabling a network-positioned attacker to perform man-in-the-middle (MiTM) attacks against ReadyCloud communications. Affected models include the RAX35, RAX38, RAX40, RAX120v1, and RAX120v2 running firmware below the patched versions; no public exploit code exists and no active exploitation has been confirmed.

Technical ContextAI

CWE-325 (Missing Required Cryptographic Step) describes a failure to perform a mandatory step in a cryptographic protocol - here, the TLS certificate validation chain. When a TLS client skips or improperly implements certificate verification, it cannot distinguish a legitimate server certificate from a forged one presented by an adversary. The ReadyCloud client app, embedded in NETGEAR Nighthawk-series routers (CPE: cpe:2.3:a:netgear:rax35, rax38, rax40, rax120v1, rax120v2), communicates with NETGEAR's ReadyCloud remote access service over TLS. The flawed validation means an attacker who can intercept the TCP/TLS session can present an arbitrary certificate and successfully negotiate a session, stripping confidentiality from the channel. The CVSS 4.0 vector confirms a network attack path (AV:N) but notes high complexity (AC:H) and additional prerequisites (AT:P), reflecting that a privileged network position - not just any internet host - is required.

RemediationAI

Upgrade affected router firmware to the patched releases confirmed in EUVD-2026-35467: RAX120v1 and RAX120v2 should be updated to V1.2.9.52 or later; RAX35, RAX38, and RAX40 should be updated to V1.0.6.106 or later. Firmware is available via the NETGEAR support pages at https://www.netgear.com/support/product/rax35/, https://www.netgear.com/support/product/rax38/, https://www.netgear.com/support/product/rax40/, and https://www.netgear.com/support/product/rax120v2/. As a compensating control for devices that cannot be immediately patched, administrators should disable the ReadyCloud remote access feature in the router's admin interface, which eliminates the attack surface entirely at the cost of losing ReadyCloud remote access functionality. Additionally, ensuring that router management and ReadyCloud traffic only traverse trusted network segments reduces the MiTM prerequisite. No workaround substitutes fully for the firmware patch.

Share

EUVD-2026-35467 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy