Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for RAX5 by NETGEAR
CVE-2026-9211 (GCVE-0-2026-9211)
Vulnerability from nvd – Published: 2026-06-09 15:50 – Updated: 2026-06-10 18:16
VLAI
Title
Certain NETGEAR routers allow unauthenticated users to gain control of the router
Summary
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper input validation
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/cax30/ | productpatch |
| https://www.netgear.com/support/product/rax30/ | productpatch |
| https://www.netgear.com/support/product/rax5/ | productpatch |
| https://www.netgear.com/support/product/raxe300/ | productpatch |
| https://kb.netgear.com/000070811/June-2026-NETGEA… | vendor-advisory |
Impacted products
Date Public
2026-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T03:59:26.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CAX30",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V2.2.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAX30",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.0.10.94",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAX5",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.0.5.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAXE300",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.0.10.72",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "kaoken"
}
],
"datePublic": "2026-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation."
}
],
"impacts": [
{
"capecId": "CAPEC-33",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-33 HTTP Request Smuggling"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T18:16:48.508Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/cax30/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rax30/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rax5/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/raxe300/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eCAX30\u003c/b\u003e Nighthawk AX6 6-Stream WiFi 6 Cable Modem Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/cax30/\"\u003eV2.2.1.4\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX30\u003c/b\u003e Nighthawk AX5 5-Stream AX2400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax30/\"\u003eV1.0.10.94\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX5\u003c/b\u003e 4-Stream AX1600 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax5/\"\u003eV1.0.5.34\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE300\u003c/b\u003e Nighthawk AXE7800 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe300/\"\u003eV1.0.10.72\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionCAX30 Nighthawk AX6 6-Stream WiFi 6 Cable Modem Router V2.2.1.4 https://www.netgear.com/support/product/cax30/ RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router V1.0.10.94 https://www.netgear.com/support/product/rax30/ RAX5 4-Stream AX1600 WiFi 6 Router V1.0.5.34 https://www.netgear.com/support/product/rax5/ RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router V1.0.10.72 https://www.netgear.com/support/product/raxe300/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Certain NETGEAR routers allow unauthenticated users to gain control of the router",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-9211",
"datePublished": "2026-06-09T15:50:48.437Z",
"dateReserved": "2026-05-21T17:29:03.440Z",
"dateUpdated": "2026-06-10T18:16:48.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9211 (GCVE-0-2026-9211)
Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-10 18:16
VLAI
Title
Certain NETGEAR routers allow unauthenticated users to gain control of the router
Summary
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper input validation
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/cax30/ | productpatch |
| https://www.netgear.com/support/product/rax30/ | productpatch |
| https://www.netgear.com/support/product/rax5/ | productpatch |
| https://www.netgear.com/support/product/raxe300/ | productpatch |
| https://kb.netgear.com/000070811/June-2026-NETGEA… | vendor-advisory |
Impacted products
Date Public
2026-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T03:59:26.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CAX30",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V2.2.1.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAX30",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.0.10.94",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAX5",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.0.5.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAXE300",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.0.10.72",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "kaoken"
}
],
"datePublic": "2026-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation."
}
],
"impacts": [
{
"capecId": "CAPEC-33",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-33 HTTP Request Smuggling"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T18:16:48.508Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/cax30/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rax30/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rax5/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/raxe300/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eCAX30\u003c/b\u003e Nighthawk AX6 6-Stream WiFi 6 Cable Modem Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/cax30/\"\u003eV2.2.1.4\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX30\u003c/b\u003e Nighthawk AX5 5-Stream AX2400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax30/\"\u003eV1.0.10.94\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX5\u003c/b\u003e 4-Stream AX1600 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax5/\"\u003eV1.0.5.34\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE300\u003c/b\u003e Nighthawk AXE7800 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe300/\"\u003eV1.0.10.72\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionCAX30 Nighthawk AX6 6-Stream WiFi 6 Cable Modem Router V2.2.1.4 https://www.netgear.com/support/product/cax30/ RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router V1.0.10.94 https://www.netgear.com/support/product/rax30/ RAX5 4-Stream AX1600 WiFi 6 Router V1.0.5.34 https://www.netgear.com/support/product/rax5/ RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router V1.0.10.72 https://www.netgear.com/support/product/raxe300/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Certain NETGEAR routers allow unauthenticated users to gain control of the router",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-9211",
"datePublished": "2026-06-09T15:50:48.437Z",
"dateReserved": "2026-05-21T17:29:03.440Z",
"dateUpdated": "2026-06-10T18:16:48.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}