| Metric | Value |
|---|---|
| CVEs | 13 |
| Critical | 0 |
| High | 9 |
| KEV | 0 |
| PoC | 2 |
| Unpatched C/H | 3 |
| Patch Rate | 46.2% |
| Avg EPSS | 0.1% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 0 |
| HIGH | 9 |
| MEDIUM | 3 |
| LOW | 1 |

Monthly CVE Trend (chart)
Affected Products (30)

| Product | CVEs |
|---|---|
| Command Injection | 27 |
| EX6200 Firmware | 8 |
| WNR854T Firmware | 8 |
| RAX50 Firmware | 7 |
| JWNR2000 Firmware | 4 |
| R6260 Firmware | 3 |
| RBR850 Firmware | 3 |
| RBSE960 Firmware | 3 |
| DGND3700 Firmware | 3 |
| RBS850 Firmware | 3 |
| RBRE960 Firmware | 3 |
| RBS750 Firmware | 3 |
| RBR860 Firmware | 3 |
| RBR750 Firmware | 3 |
| RBS860 Firmware | 3 |
| JWNR2000v2 Firmware | 3 |
| RAX120 Firmware | 2 |
| RBRE950 Firmware | 2 |
| EX3110 Firmware | 2 |
| RBS840 Firmware | 2 |
| RBE970 Firmware | 2 |
| EX6110 Firmware | 2 |
| EX5000 Firmware | 2 |
| RBE971 Firmware | 2 |
| EX2800 Firmware | 2 |
| Bl X26 Da3 Firmware | 2 |
| R9000 Firmware | 2 |
| DGN2200 Firmware | 2 |
| Bl Wr9000 Firmware | 2 |
| EX6120 Firmware | 2 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2022-40619 | FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH] | HIGH | 7.7 | 0.8% | 59 | PoC, No patch |
| CVE-2022-40620 | FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH] | HIGH | 7.7 | 0.1% | 59 | PoC, No patch |
| CVE-2026-0404 | Authenticated attackers on the same network can execute arbitrary OS commands on NETGEAR Orbi routers (RBS860, RBR850, RBSE950) through improper validation of DHCPv6 input. The vulnerability requires local or WiFi network access but no user interaction, giving attackers full system compromise capabilities on affected devices. A patch is available for this high-severity flaw. | HIGH | 8.0 | 0.1% | 40 | – |
| CVE-2026-0403 | NETGEAR Orbi routers (RBS850, RBE970, RBS750) are vulnerable to OS command injection through inadequate input validation, enabling attackers on the local network to execute arbitrary commands with elevated privileges. The vulnerability requires LAN access and low privileges but provides complete system compromise through high-impact code execution capabilities. A patch is available for affected firmware versions. | HIGH | 8.0 | 0.1% | 40 | – |
| CVE-2026-0407 | NETGEAR WiFi extenders (EX3110, EX6110, EX5000, EX2800) contain an authentication bypass vulnerability that allows network-adjacent attackers with WiFi access or physical Ethernet connectivity to gain unauthorized admin panel access. An attacker can exploit insufficient authentication validation to fully compromise the device's confidentiality, integrity, and availability. A patch is available for affected firmware versions. | HIGH | 8.0 | 0.1% | 40 | – |
| CVE-2026-0408 | NETGEAR WiFi extenders (EX5000, EX6110, EX2800, EX3110) with improper path traversal validation allow authenticated LAN users to access the webproc configuration file and extract stored router credentials. An attacker with local network access can leverage this to obtain administrative credentials for further network compromise. A patch is available. | HIGH | 8.0 | 0.1% | 40 | – |
| CVE-2026-0406 | NETGEAR XR1000v2 routers are vulnerable to OS command injection through inadequate input validation, enabling attackers with LAN access to execute arbitrary commands with elevated privileges. The vulnerability affects authenticated users on the local network and could allow complete router compromise, including data interception and network manipulation. A patch is available. | HIGH | 8.0 | 0.0% | 40 | – |
| CVE-2026-0405 | Unauthenticated administrative access in NETGEAR Orbi routers (CBR750, NBR750, RBE370, RBE371) allows local network attackers to bypass authentication and gain full admin control of the web interface. This high-severity vulnerability (CVSS 7.8) impacts all users on networks connected to affected devices, enabling attackers to modify router settings and potentially compromise network security and connected devices. A patch is available. | HIGH | 7.8 | 0.0% | 39 | – |
| CVE-2026-24714 | End-of-service NETGEAR devices with TelnetEnable functionality can have the telnet service remotely activated via specially crafted magic packets, enabling unauthenticated remote access to the device. An attacker on the network can exploit this to gain command-line access without credentials, potentially leading to device compromise and lateral movement. No patch is available for affected products. | HIGH | 7.5 | 0.1% | 38 | No patch |
| CVE-2025-12940 | Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). Rated low severity (CVSS 0.5); no authentication required, low attack complexity. No vendor patch available. | LOW | 0.5 | 0.0% | – | No patch |
| CVE-2025-12942 | Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to. Rated medium severity (CVSS 4.8). No vendor patch available. | MEDIUM | 4.8 | 0.0% | – | No patch |
| CVE-2025-12943 | Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with. Rated medium severity (CVSS 5.2); no authentication required, low attack complexity. No vendor patch available. | MEDIUM | 5.2 | 0.0% | – | No patch |
| CVE-2025-12944 | Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Rated medium severity (CVSS 6.8); no authentication required, low attack complexity. No vendor patch available. | MEDIUM | 6.8 | 0.1% | – | No patch |