Netgear: Security Vulnerabilities
Denial of Service Vulnerability in NETGEAR C6220 and C6230 (DOCSIS® 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router.
CVSS Score
5.0
EPSS Score
0.0
Published
2025-12-09
A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation.
This issue affects R7000P: through 1.3.3.154.
CVSS Score
1.1
EPSS Score
0.007
Published
2025-12-09
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run.
This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.
CVSS Score
4.4
EPSS Score
0.001
Published
2025-12-09
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610
and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6
Access Points). An user having access to the syslog server can read the logs containing these credentials.
This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4.
Devices
managed with Insight get automatic updates. If not, please check the firmware version
and update to the latest.
Fixed in:
WAX610 firmware
11.8.0.10 or later.
WAX610Y firmware
11.8.0.10 or later.
CVSS Score
0.5
EPSS Score
0.0
Published
2025-11-11
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-11-11
Improper certificate
validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream
AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band
WiFi 6E Router) allows attackers with the ability to intercept and
tamper traffic destined to the device to execute arbitrary commands on the
device.
Devices
with automatic updates enabled may already have this patch applied. If not,
please check the firmware version and update to the
latest.
Fixed in:
RAX30 firmware
1.0.14.108 or later.
RAXE300 firmware
1.0.9.82 or later
CVSS Score
5.2
EPSS Score
0.0
Published
2025-11-11
Improper input validation
in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with
direct network access to the device to potentially execute code on the device.
Please check the firmware version and update to the latest.
Fixed
in:
DGN2200v4
firmware 1.0.0.132 or later
CVSS Score
6.8
EPSS Score
0.0
Published
2025-11-11
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via crafted input to the pppoe_username parameter. This flaw allows full compromise of the device and may persist across reboots unless configuration is restored.
CVSS Score
9.4
EPSS Score
0.646
Published
2025-08-01
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neutralization, enabling command injection through crafted POST requests. This flaw enables remote attackers to deploy payloads or manipulate system state post-authentication.
CVSS Score
8.6
EPSS Score
0.731
Published
2025-08-01
In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-21