| Metric | Value |
|---|---|
| CVEs | 52 |
| Critical | 13 |
| High | 28 |
| KEV | 0 |
| PoC | 31 |
| Unpatched C/H | 35 |
| Patch Rate | 11.5% |
| Avg EPSS | 1.7% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 13 |
| HIGH | 28 |
| MEDIUM | 10 |
| LOW | 1 |

Affected Products (30)

| Product | Count |
|---|---|
| Command Injection | 27 |
| Ex6200 Firmware | 8 |
| Wnr854T Firmware | 8 |
| Rax50 Firmware | 7 |
| Jwnr2000 Firmware | 4 |
| R6260 Firmware | 3 |
| Rbr850 Firmware | 3 |
| Rbse960 Firmware | 3 |
| Dgnd3700 Firmware | 3 |
| Rbs850 Firmware | 3 |
| Rbre960 Firmware | 3 |
| Rbs750 Firmware | 3 |
| Rbr860 Firmware | 3 |
| Rbr750 Firmware | 3 |
| Rbs860 Firmware | 3 |
| Jwnr2000V2 Firmware | 3 |
| Rax120 Firmware | 2 |
| Rbre950 Firmware | 2 |
| Ex3110 Firmware | 2 |
| Rbs840 Firmware | 2 |
| Rbe970 Firmware | 2 |
| Ex6110 Firmware | 2 |
| Ex5000 Firmware | 2 |
| Rbe971 Firmware | 2 |
| Ex2800 Firmware | 2 |
| Bl X26 Da3 Firmware | 2 |
| R9000 Firmware | 2 |
| Dgn2200 Firmware | 2 |
| Bl Wr9000 Firmware | 2 |
| Ex6120 Firmware | 2 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2024-57229 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 | PoC, No patch |
| CVE-2024-57230 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 | PoC, No patch |
| CVE-2024-57231 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 | PoC, No patch |
| CVE-2024-57232 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 | PoC, No patch |
| CVE-2024-57233 | NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 | PoC, No patch |
| CVE-2024-57234 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 | PoC, No patch |
| CVE-2024-57235 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 | PoC, No patch |
| CVE-2025-45492 | Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 5.4% | 74 | PoC, No patch |
| CVE-2025-45984 | A command injection vulnerability (CVSS 9.8). Risk factors: public PoC available. | CRITICAL | 9.8 | 3.0% | 72 | PoC, No patch |
| CVE-2025-45986 | A critical unauthenticated remote command injection vulnerability exists in multiple Blink router models through the 'mac' parameter in the bs_SetMacBlack function, allowing attackers to execute arbitrary commands with full system privileges. Affected models include BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0, and BL-X26_DA3 v1.2.7. With a CVSS score of 9.8 and network-based attack vector requiring no authentication or user interaction, this vulnerability poses severe risk to any exposed router on the network. | CRITICAL | 9.8 | 3.0% | 72 | PoC, No patch |
| CVE-2025-29044 | Buffer Overflow vulnerability in Netgear- R61 router V1.0.1.28 allows a remote attacker to execute arbitrary code via the QUERY_STRING key value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.8% | 72 | PoC, No patch |
| CVE-2025-4140 | A vulnerability, which was classified as critical, has been found in Netgear EX6120 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.7 | 1.2% | 65 | PoC, No patch |
| CVE-2025-4141 | A vulnerability, which was classified as critical, was found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.7 | 1.2% | 65 | PoC, No patch |
| CVE-2025-4142 | A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.7 | 1.2% | 65 | PoC, No patch |
| CVE-2025-4145 | A vulnerability, which was classified as critical, has been found in Netgear EX6200 1.0.3.94. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.7 | 1.2% | 65 | PoC, No patch |