Skip to main content

Raxe450

6 CVEs product

Monthly

CVE-2026-62656 MEDIUM PATCH This Month

A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation.

Authentication Bypass Netgear Raxe450 Raxe500
NVD
CVSS 4.0
5.4
EPSS
0.2%
CVE-2026-0418 MEDIUM PATCH This Month

System integrity tampering across a broad portfolio of NETGEAR home and small-business networking devices allows authenticated administrators on the local network to manipulate device configuration beyond intended boundaries, classified under CWE-15 (External Control of System or Configuration Setting). The CVSS 4.0 vector (AV:A/PR:H/VI:H) confirms that exploitation is constrained to adjacent network access with high-privilege credentials, yet the integrity impact on the vulnerable system is rated High. No public exploit code exists (SSVC: Exploitation none; CVSS E:U), and NETGEAR has released firmware patches for all affected product lines.

Information Disclosure Cbr750 Ex6120 Ex6130 Mr60 +31
NVD VulDB
CVSS 4.0
4.3
EPSS
0.0%
CVE-2026-0417 MEDIUM PATCH This Month

Integrity tampering in NETGEAR router and mesh network firmware allows authenticated administrators on the local network to submit insufficiently validated input, modifying the router's configuration or internal state in unintended ways. Affected devices span at least 27 product lines including MR/MS mesh units and R-series routers, all running firmware below specific patched versions identified by NETGEAR (EUVD-2026-35460). No public exploit has been identified at time of analysis, SSVC assigns no active exploitation and non-automatable status, and NETGEAR has released patched firmware across all affected product lines.

Information Disclosure Netgear Mr60 Mr70 Mr80 +24
NVD VulDB
CVSS 4.0
4.3
EPSS
0.1%
CVE-2026-9210 MEDIUM PATCH This Month

Insufficient input validation across 30+ NETGEAR router, range extender, and mesh networking models enables local network-adjacent modification of router software and functionality. The CVSS 4.0 vector assigns PR:N (no privileges required) and AV:A (adjacent network), yet the CVE description scopes the vulnerability to 'authenticated administrators' - the 'Authentication Bypass' tag supplied by NETGEAR suggests the input validation flaw may itself circumvent authentication controls, reconciling this apparent conflict. Integrity impact is rated High (VI:H) against the vulnerable system, meaning successful exploitation allows unauthorized firmware or configuration modification. No public exploit is identified at time of analysis (E:U), and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass Netgear Ex3700 Ex3800 Ex6120 +28
NVD
CVSS 4.0
4.9
EPSS
0.1%
CVE-2026-0416 MEDIUM PATCH This Month

Improper input validation in NETGEAR RAXE450 and RAXE500 routers (firmware prior to V1.2.14.114) allows authenticated administrators on the local network to manipulate router functionality beyond the intended operational boundaries of the standard management interface. The vulnerability carries a CVSS 4.0 score of 4.3 (Medium), constrained by adjacent-network-only access and a high-privilege prerequisite. No public exploit has been identified and no active exploitation is reported (E:U); a vendor-released patch is available.

Information Disclosure Raxe450 Raxe500
NVD VulDB
CVSS 4.0
4.3
EPSS
0.0%
CVE-2026-0410 LOW PATCH Monitor

Integrity controls on multiple NETGEAR router firmware lines can be subverted by authenticated administrators on the local network through improper input validation (CWE-20), enabling privilege escalation beyond the intended administrative authorization boundary and permitting unauthorized modifications to router software and functionality. Twenty distinct NETGEAR SKUs across the R7000, RAX, RAXE, and XR1000 series are confirmed affected per ENISA EUVD-2026-35452, each with specific patched firmware thresholds now released by the vendor. No public exploit exists at time of analysis (CVSS E:U), and multiple CVSS constraints - adjacent-only attack vector, high complexity, and high privilege requirement - substantially limit the realistic threat population.

Authentication Bypass R7000 Rax20 Rax35V2 Rax41 +16
NVD VulDB
CVSS 4.0
1.9
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation.

Authentication Bypass Netgear Raxe450 +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

System integrity tampering across a broad portfolio of NETGEAR home and small-business networking devices allows authenticated administrators on the local network to manipulate device configuration beyond intended boundaries, classified under CWE-15 (External Control of System or Configuration Setting). The CVSS 4.0 vector (AV:A/PR:H/VI:H) confirms that exploitation is constrained to adjacent network access with high-privilege credentials, yet the integrity impact on the vulnerable system is rated High. No public exploit code exists (SSVC: Exploitation none; CVSS E:U), and NETGEAR has released firmware patches for all affected product lines.

Information Disclosure Cbr750 Ex6120 +33
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Integrity tampering in NETGEAR router and mesh network firmware allows authenticated administrators on the local network to submit insufficiently validated input, modifying the router's configuration or internal state in unintended ways. Affected devices span at least 27 product lines including MR/MS mesh units and R-series routers, all running firmware below specific patched versions identified by NETGEAR (EUVD-2026-35460). No public exploit has been identified at time of analysis, SSVC assigns no active exploitation and non-automatable status, and NETGEAR has released patched firmware across all affected product lines.

Information Disclosure Netgear Mr60 +26
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Insufficient input validation across 30+ NETGEAR router, range extender, and mesh networking models enables local network-adjacent modification of router software and functionality. The CVSS 4.0 vector assigns PR:N (no privileges required) and AV:A (adjacent network), yet the CVE description scopes the vulnerability to 'authenticated administrators' - the 'Authentication Bypass' tag supplied by NETGEAR suggests the input validation flaw may itself circumvent authentication controls, reconciling this apparent conflict. Integrity impact is rated High (VI:H) against the vulnerable system, meaning successful exploitation allows unauthorized firmware or configuration modification. No public exploit is identified at time of analysis (E:U), and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass Netgear Ex3700 +30
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Improper input validation in NETGEAR RAXE450 and RAXE500 routers (firmware prior to V1.2.14.114) allows authenticated administrators on the local network to manipulate router functionality beyond the intended operational boundaries of the standard management interface. The vulnerability carries a CVSS 4.0 score of 4.3 (Medium), constrained by adjacent-network-only access and a high-privilege prerequisite. No public exploit has been identified and no active exploitation is reported (E:U); a vendor-released patch is available.

Information Disclosure Raxe450 Raxe500
NVD VulDB
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Integrity controls on multiple NETGEAR router firmware lines can be subverted by authenticated administrators on the local network through improper input validation (CWE-20), enabling privilege escalation beyond the intended administrative authorization boundary and permitting unauthorized modifications to router software and functionality. Twenty distinct NETGEAR SKUs across the R7000, RAX, RAXE, and XR1000 series are confirmed affected per ENISA EUVD-2026-35452, each with specific patched firmware thresholds now released by the vendor. No public exploit exists at time of analysis (CVSS E:U), and multiple CVSS constraints - adjacent-only attack vector, high complexity, and high privilege requirement - substantially limit the realistic threat population.

Authentication Bypass R7000 Rax20 +18
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy