Severity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:A for LAN-only attack surface, PR:H for required admin authentication, AC:H to reflect AT:P attack precondition; integrity-only impact with no confidentiality or availability effect.
Primary rating from Vendor (NETGEAR).
CVSS VectorVendor: NETGEAR
CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to the device to run unauthorized commands or code on the router.
AnalysisAI
Post-authentication command execution in NETGEAR Nighthawk RAX-series routers (RAX43, RAX45, RAX50, RAX54S, RAX54Sv2) permits an attacker already holding administrative credentials and adjacent network access to run unauthorized OS-level commands or code on the device. Rooted in CWE-20 (Improper Input Validation), the flaw bypasses authorization controls within the authenticated management session, yielding high integrity impact on the vulnerable system. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Three concrete preconditions must all be satisfied simultaneously. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 4.7 (Medium) accurately reflects several layered mitigating factors. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained admin credentials to one of the affected NETGEAR Nighthawk RAX routers - through credential theft, a weak or default password, or shared household access - connects to the same local network and authenticates to the router's web management interface. The attacker submits a specially crafted HTTP request with a malicious parameter value that passes the improperly validated input directly to an OS-level routine, resulting in execution of arbitrary shell commands on the router's firmware. … |
| Remediation | Patch available per vendor advisory - apply the firmware update for your specific router model immediately. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Insufficient input validation across 30+ NETGEAR router, range extender, and mesh networking models enables local networ
Integrity tampering in NETGEAR router and mesh network firmware allows authenticated administrators on the local network
System integrity tampering across a broad portfolio of NETGEAR home and small-business networking devices allows authent
Integrity controls on multiple NETGEAR router firmware lines can be subverted by authenticated administrators on the loc
Same weakness CWE-20 – Improper Input Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44325
GHSA-fj97-xjm9-5vjr