Skip to main content

Cax30

1 CVEs product

Monthly

CVE-2026-9211 MEDIUM PATCH This Month

Unauthenticated local-network control of NETGEAR CAX30, RAX30, RAX5, and RAXE300 routers is possible through an authentication bypass rooted in improper input validation (CWE-20). An attacker already present on the local network segment - such as a guest Wi-Fi user, a compromised IoT device, or a rogue actor on the same LAN - can circumvent authentication and gain full administrative control, enabling arbitrary configuration changes, traffic interception, or persistent backdoor installation. No public exploit code has been identified at time of analysis, and NETGEAR has released firmware patches for all four affected product lines.

Authentication Bypass Cax30 Rax30 Rax5 Raxe300
NVD
CVSS 4.0
5.2
EPSS
0.0%
EPSS 0% CVSS 5.2
MEDIUM PATCH This Month

Unauthenticated local-network control of NETGEAR CAX30, RAX30, RAX5, and RAXE300 routers is possible through an authentication bypass rooted in improper input validation (CWE-20). An attacker already present on the local network segment - such as a guest Wi-Fi user, a compromised IoT device, or a rogue actor on the same LAN - can circumvent authentication and gain full administrative control, enabling arbitrary configuration changes, traffic interception, or persistent backdoor installation. No public exploit code has been identified at time of analysis, and NETGEAR has released firmware patches for all four affected product lines.

Authentication Bypass Cax30 Rax30 +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy