Vulnerability Details CVE-2026-0420
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 3.9%
CVSS Severity
CVSS v3 Score 5.9
References
Products affected by CVE-2026-0420
-
cpe:2.3:h:netgear:rax120:-
-
cpe:2.3:h:netgear:rax120:1.0
-
cpe:2.3:h:netgear:rax120:2.0
-
cpe:2.3:h:netgear:rax35:-
-
cpe:2.3:h:netgear:rax38:-
-
cpe:2.3:h:netgear:rax40:-
-
cpe:2.3:o:netgear:rax120_firmware:-
-
cpe:2.3:o:netgear:rax120_firmware:1.0.0.74
-
cpe:2.3:o:netgear:rax120_firmware:1.0.0.78
-
cpe:2.3:o:netgear:rax120_firmware:1.0.1.108
-
cpe:2.3:o:netgear:rax120_firmware:1.0.1.136
-
cpe:2.3:o:netgear:rax120_firmware:1.2.0.16
-
cpe:2.3:o:netgear:rax120_firmware:1.2.2.24
-
cpe:2.3:o:netgear:rax35_firmware:-
-
cpe:2.3:o:netgear:rax35_firmware:1.0.3.62
-
cpe:2.3:o:netgear:rax35_firmware:1.0.3.80
-
cpe:2.3:o:netgear:rax35_firmware:1.0.3.94
-
cpe:2.3:o:netgear:rax35_firmware:1.0.4.102
-
cpe:2.3:o:netgear:rax38_firmware:-
-
cpe:2.3:o:netgear:rax38_firmware:1.0.3.94
-
cpe:2.3:o:netgear:rax38_firmware:1.0.4.102
-
cpe:2.3:o:netgear:rax40_firmware:-
-
cpe:2.3:o:netgear:rax40_firmware:1.0.3.62
-
cpe:2.3:o:netgear:rax40_firmware:1.0.3.64
-
cpe:2.3:o:netgear:rax40_firmware:1.0.3.80
-
cpe:2.3:o:netgear:rax40_firmware:1.0.3.94
-
cpe:2.3:o:netgear:rax40_firmware:1.0.4.102