Skip to main content

Rax54S

1 CVEs product

Monthly

CVE-2026-62658 MEDIUM PATCH This Month

Post-authentication command execution in NETGEAR Nighthawk RAX-series routers (RAX43, RAX45, RAX50, RAX54S, RAX54Sv2) permits an attacker already holding administrative credentials and adjacent network access to run unauthorized OS-level commands or code on the device. Rooted in CWE-20 (Improper Input Validation), the flaw bypasses authorization controls within the authenticated management session, yielding high integrity impact on the vulnerable system. No public exploit identified at time of analysis, though the CVSS 4.0 supplemental metric E:P indicates proof-of-concept code exists; a vendor-released patch is available from NETGEAR.

Authentication Bypass Netgear Rax43 Rax45 Rax50 +2
NVD
CVSS 4.0
4.7
EPSS
0.2%
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Post-authentication command execution in NETGEAR Nighthawk RAX-series routers (RAX43, RAX45, RAX50, RAX54S, RAX54Sv2) permits an attacker already holding administrative credentials and adjacent network access to run unauthorized OS-level commands or code on the device. Rooted in CWE-20 (Improper Input Validation), the flaw bypasses authorization controls within the authenticated management session, yielding high integrity impact on the vulnerable system. No public exploit identified at time of analysis, though the CVSS 4.0 supplemental metric E:P indicates proof-of-concept code exists; a vendor-released patch is available from NETGEAR.

Authentication Bypass Netgear Rax43 +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy