Skip to main content

Netgear

Vendor security scorecard – 6 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 0
6
CVEs
0
Critical
0
High
0
KEV
0
PoC
0
Unpatched C/H
83.3%
Patch Rate
0.2%
Avg EPSS

Severity Breakdown

CRITICAL
0
HIGH
0
MEDIUM
6
LOW
0

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2026-15757 A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the MEDIUM 6.3 0.2% 32
No patch
CVE-2026-62655 Stack-based buffer overflow in multiple NETGEAR Orbi mesh WiFi models (RBR860, RBRE950/960, RBE970/971, RBS860, RBSE950/960) enables an unauthenticated adjacent-network attacker to crash or force a restart of the affected device, causing a loss of network connectivity. The root cause is CWE-121 (stack-based buffer overflow), meaning a crafted network payload can overwrite stack memory and destabilize the device process. The CVSS 4.0 supplemental metric E:P indicates a proof-of-concept exploit exists, elevating practical risk despite the moderate base score of 5.7. MEDIUM 5.7 0.2% 29
CVE-2026-62656 A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run una MEDIUM 5.4 0.2% 27
CVE-2026-62657 A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that co MEDIUM 4.9 0.1% 25
CVE-2026-62658 Post-authentication command execution in NETGEAR Nighthawk RAX-series routers (RAX43, RAX45, RAX50, RAX54S, RAX54Sv2) permits an attacker already holding administrative credentials and adjacent network access to run unauthorized OS-level commands or code on the device. Rooted in CWE-20 (Improper Input Validation), the flaw bypasses authorization controls within the authenticated management session, yielding high integrity impact on the vulnerable system. No public exploit identified at time of analysis, though the CVSS 4.0 supplemental metric E:P indicates proof-of-concept code exists; a vendor-released patch is available from NETGEAR. MEDIUM 4.7 0.2% 24
CVE-2026-62659 A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to mak MEDIUM 4.3 0.2% 22

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy