Skip to main content

Netgear

Vendor security scorecard – 21 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 28
21
CVEs
0
Critical
3
High
0
KEV
2
PoC
3
Unpatched C/H
71.4%
Patch Rate
0.1%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
3
MEDIUM
18
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2022-40619 FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH] HIGH 7.7 0.8% 59
PoC No patch
CVE-2022-40620 FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH] HIGH 7.7 0.1% 59
PoC No patch
CVE-2026-24714 End-of-service Netgear devices with TelnetEnable functionality can have telnet service remotely activated via specially crafted magic packets, enabling unauthenticated remote access to the device. An attacker on the network can exploit this to gain command-line access without credentials, potentially leading to device compromise and lateral movement. No patch is available for affected products. HIGH 7.5 0.1% 38
No patch
CVE-2026-9213 Remote code execution affects NETGEAR gaming routers (XR1000, MR70, MS70, RAXE500) when an attacker holds an on-path man-in-the-middle position between the device and the internet. The CVSS 4.0 vector (AV:N/AC:H/AT:P/PR:N/UI:N) confirms no privileges are needed on the target device but requires both high attack complexity and a specific network prerequisite - the ability to intercept and tamper with upstream traffic. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog. MEDIUM 6.9 0.2% 35
CVE-2026-15757 A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the MEDIUM 6.3 0.2% 32
No patch
CVE-2026-62655 Stack-based buffer overflow in multiple NETGEAR Orbi mesh WiFi models (RBR860, RBRE950/960, RBE970/971, RBS860, RBSE950/960) enables an unauthenticated adjacent-network attacker to crash or force a restart of the affected device, causing a loss of network connectivity. The root cause is CWE-121 (stack-based buffer overflow), meaning a crafted network payload can overwrite stack memory and destabilize the device process. The CVSS 4.0 supplemental metric E:P indicates a proof-of-concept exploit exists, elevating practical risk despite the moderate base score of 5.7. MEDIUM 5.7 0.2% 29
CVE-2026-9212 Insufficient authentication (CWE-306) and input validation weaknesses across more than 25 NETGEAR router and mesh system models allow an adjacent-network attacker with low-level privileges to execute arbitrary commands and read sensitive configuration data, or alter certain device settings. The CVSS 4.0 vector confirms the attack is limited to adjacent network segments (AV:A) and requires low privileges (PR:L), with high confidentiality impact on both the vulnerable component and subsequent systems (VC:H, SC:H). No public exploit has been identified at time of analysis, and NETGEAR has self-reported the issue with patches available for all listed product lines. MEDIUM 5.6 0.1% 28
CVE-2026-62656 A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run una MEDIUM 5.4 0.2% 27
CVE-2026-62657 A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that co MEDIUM 4.9 0.1% 25
CVE-2026-9210 Insufficient input validation across 30+ NETGEAR router, range extender, and mesh networking models enables local network-adjacent modification of router software and functionality. The CVSS 4.0 vector assigns PR:N (no privileges required) and AV:A (adjacent network), yet the CVE description scopes the vulnerability to 'authenticated administrators' - the 'Authentication Bypass' tag supplied by NETGEAR suggests the input validation flaw may itself circumvent authentication controls, reconciling this apparent conflict. Integrity impact is rated High (VI:H) against the vulnerable system, meaning successful exploitation allows unauthorized firmware or configuration modification. No public exploit is identified at time of analysis (E:U), and this CVE is not listed in the CISA KEV catalog. MEDIUM 4.9 0.1% 25
CVE-2026-0409 Remote command execution in NETGEAR Orbi 370 series routers (firmware before V12.1.2.7) is achievable by a network-positioned adversary who can intercept and tamper with traffic between the device and the internet. Exploitation requires the device administrator to perform specific management actions while the attacker holds a man-in-the-middle position, at which point a buffer overflow (CWE-119) is triggered allowing arbitrary command execution on the device. No public exploit exists at time of analysis and the vendor has released a patching firmware (V12.1.2.7); no KEV listing has been issued by CISA. MEDIUM 4.8 0.1% 24
CVE-2026-62658 Post-authentication command execution in NETGEAR Nighthawk RAX-series routers (RAX43, RAX45, RAX50, RAX54S, RAX54Sv2) permits an attacker already holding administrative credentials and adjacent network access to run unauthorized OS-level commands or code on the device. Rooted in CWE-20 (Improper Input Validation), the flaw bypasses authorization controls within the authenticated management session, yielding high integrity impact on the vulnerable system. No public exploit identified at time of analysis, though the CVSS 4.0 supplemental metric E:P indicates proof-of-concept code exists; a vendor-released patch is available from NETGEAR. MEDIUM 4.7 0.2% 24
CVE-2026-0420 TLS certificate validation failure in the ReadyCloud client app on multiple NETGEAR router models exposes confidential data to network interception. The app does not properly validate TLS certificates (CWE-325), enabling a network-positioned attacker to perform man-in-the-middle (MiTM) attacks against ReadyCloud communications. Affected models include the RAX35, RAX38, RAX40, RAX120v1, and RAX120v2 running firmware below the patched versions; no public exploit code exists and no active exploitation has been confirmed. MEDIUM 4.6 0.0% 23
CVE-2026-0419 OS command injection in NETGEAR JR6150 firmware (all versions ≤ 1.0.1.26) allows locally authenticated or WiFi-connected users to execute arbitrary operating system commands via insufficient input validation (CWE-20). The device reached End-of-Support in 2018 and NETGEAR will not release a patch, leaving all deployments permanently unmitigated. No public exploit code exists and active exploitation has not been confirmed (not listed in CISA KEV), but the perpetual absence of patching makes device replacement the only durable remediation. MEDIUM 4.4 0.1% 22
No patch
CVE-2026-62659 A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to mak MEDIUM 4.3 0.2% 22

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy