| Metric | Value |
|---|---|
| CVEs | 22 |
| Critical | 3 |
| High | 14 |
| KEV | 0 |
| PoC | 10 |
| Unpatched (Critical/High) | 11 |
| Patch Rate | 27.3% |
| Avg EPSS | 0.5% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 3 |
| HIGH | 14 |
| MEDIUM | 3 |
| LOW | 2 |
Monthly CVE Trend
Affected Products (30)

| Product | CVEs |
|---|---|
| Ex6200 Firmware | 8 |
| Wnr854T Firmware | 8 |
| Rax50 Firmware | 7 |
| Jwnr2000 Firmware | 4 |
| Dgnd3700 Firmware | 3 |
| R6260 Firmware | 3 |
| Rbr850 Firmware | 3 |
| Rbse960 Firmware | 3 |
| Rbs860 Firmware | 3 |
| Jwnr2000V2 Firmware | 3 |
| Rbs750 Firmware | 3 |
| Rbr750 Firmware | 3 |
| Rbr860 Firmware | 3 |
| Rbre960 Firmware | 3 |
| Rbs850 Firmware | 3 |
| Ex2800 Firmware | 2 |
| Rbe970 Firmware | 2 |
| Rbe971 Firmware | 2 |
| Dgn2200 Firmware | 2 |
| Bl X10 Ac8 Firmware | 2 |
| Rax120v2 Firmware | 2 |
| Rbr20 Firmware | 2 |
| Bl Ac2100 Az3 Firmware | 2 |
| Bl F1200 At1 Firmware | 2 |
| R8900 Firmware | 2 |
| Ex6120 Firmware | 2 |
| Ex6110 Firmware | 2 |
| Bl X26 Ac8 Firmware | 2 |
| R6230 Firmware | 2 |
| Bl Wr9000 Firmware | 2 |
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-45984 | A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available. | CRITICAL | 9.8 | 3.0% | 72 | PoC, No patch |
| CVE-2025-45986 | A critical unauthenticated remote command injection vulnerability exists in multiple Blink router models through the 'mac' parameter in the bs_SetMacBlack function, allowing attackers to execute arbitrary commands with full system privileges. Affected models include BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. With a CVSS score of 9.8 and a network-based attack vector requiring no authentication or user interaction, this vulnerability poses severe risk to any exposed router on the network. | CRITICAL | 9.8 | 3.0% | 72 | PoC, No patch |
| CVE-2025-6565 | CVE-2025-6565 is a critical stack-based buffer overflow vulnerability in Netgear WNCE3001 v1.0.0.50 affecting the HTTP POST request handler's Host parameter processing. An authenticated attacker can remotely exploit this to achieve complete system compromise including confidentiality, integrity, and availability violations. Public exploitation code exists, elevating immediate risk. | HIGH | 8.8 | 0.3% | 64 | PoC, No patch |
| CVE-2025-5934 | A critical stack-based buffer overflow vulnerability (CVE-2025-5934) exists in Netgear EX3700 wireless extenders up to version 1.0.0.88, affecting the sub_41619C function in the /mtd file. An authenticated attacker can remotely exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code is available, and while the affected product line is no longer supported by Netgear, immediate patching to version 1.0.0.98 is critical for active deployments. | HIGH | 8.8 | 0.3% | 64 | PoC, No patch |
| CVE-2025-6510 | CVE-2025-6510 is a critical stack-based buffer overflow vulnerability in the Netgear EX6100 WiFi extender (version 1.0.2.28_1.1.138) affecting the sub_415EF8 function. An authenticated remote attacker can exploit this vulnerability to achieve arbitrary code execution with high integrity and availability impact. The vulnerability has public exploit disclosure and affects only end-of-life products no longer receiving vendor support. | HIGH | 8.8 | 0.3% | 64 | PoC, No patch |
| CVE-2025-6511 | CVE-2025-6511 is a critical stack-based buffer overflow vulnerability in Netgear EX6150 (version 1.0.0.46_1.0.76) affecting the sub_410090 function, allowing authenticated attackers to achieve remote code execution with high integrity, confidentiality, and availability impact. The vulnerability is publicly disclosed with proof-of-concept code available, and impacts only end-of-life products no longer receiving vendor support, elevating real-world exploitation risk for unpatched legacy deployments. | HIGH | 8.8 | 0.3% | 64 | PoC, No patch |
| CVE-2022-40619 | FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH] | HIGH | 7.7 | 0.8% | 59 | PoC, No patch |
| CVE-2022-40620 | FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH] | HIGH | 7.7 | 0.1% | 59 | PoC, No patch |
| CVE-2025-5495 | Critical authentication bypass vulnerability in Netgear WNR614 version 1.1.0.28_1.0.1WW that allows unauthenticated remote attackers to access sensitive configuration files through null-byte injection in the URL handler. The vulnerability affects the %00currentsetting.htm endpoint, enabling attackers to retrieve or modify device settings without credentials. This 0day has been publicly disclosed with proof-of-concept code available, and CVSS 7.3 reflects moderate confidentiality, integrity, and availability impact across network-accessible administration functions. | HIGH | 7.3 | 0.4% | 57 | PoC, No patch |
| CVE-2025-48890 | CVE-2025-48890 is a critical OS command injection vulnerability in the miniigd SOAP service affecting WRH-733GBK and WRH-733GWH network storage devices. Remote unauthenticated attackers can execute arbitrary OS commands by sending specially crafted requests, achieving complete system compromise (CVSS 9.8). With an attack vector of Network/Low complexity/No privileges required, this vulnerability poses immediate risk to exposed devices. | CRITICAL | 9.8 | 0.4% | 49 | No patch |
| CVE-2026-0404 | Authenticated attackers on the same network can execute arbitrary OS commands on NETGEAR Orbi routers (RBS860, RBR850, RBSE950) through improper validation of DHCPv6 input. The vulnerability requires local or WiFi network access but no user interaction, giving attackers full system compromise capabilities on affected devices. A patch is available for this high-severity flaw. | HIGH | 8.0 | 0.1% | 40 | |
| CVE-2026-0403 | NETGEAR Orbi routers (RBS850, RBE970, RBS750) are vulnerable to OS command injection through inadequate input validation, enabling attackers on the local network to execute arbitrary commands with elevated privileges. The vulnerability requires LAN access and low privileges but provides complete system compromise through high-impact code execution capabilities. A patch is available for affected firmware versions. | HIGH | 8.0 | 0.1% | 40 | |
| CVE-2026-0407 | NETGEAR WiFi extenders (Ex3110, Ex6110, Ex5000, Ex2800) contain an authentication bypass vulnerability that allows network-adjacent attackers with WiFi access or physical Ethernet connectivity to gain unauthorized admin panel access. An attacker can exploit insufficient authentication validation to fully compromise the device's confidentiality, integrity, and availability. A patch is available for affected firmware versions. | HIGH | 8.0 | 0.1% | 40 | |
| CVE-2026-0408 | NETGEAR WiFi extenders (Ex5000, Ex6110, Ex2800, Ex3110) with improper path traversal validation allow authenticated LAN users to access the webproc configuration file and extract stored router credentials. An attacker with local network access can leverage this to obtain administrative credentials for further network compromise. A patch is available. | HIGH | 8.0 | 0.1% | 40 | |
| CVE-2026-0406 | NETGEAR XR1000v2 routers are vulnerable to OS command injection through inadequate input validation, enabling attackers with LAN access to execute arbitrary commands with elevated privileges. The vulnerability affects authenticated users on the local network and could allow complete router compromise including data interception and network manipulation. A patch is available. | HIGH | 8.0 | 0.0% | 40 | |