CVE-2026-0420 (GCVE-0-2026-0420)
Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-11 05:19
VLAI
Title
Missing TLS certificate validation in NETGEAR's ReadyCloud client app
Summary
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-325 - Missing cryptographic step
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/rax35/ | productpatch |
| https://www.netgear.com/support/product/rax38/ | productpatch |
| https://www.netgear.com/support/product/rax40/ | productpatch |
| https://www.netgear.com/support/product/rax120v2/ | productpatch |
| https://kb.netgear.com/000070811/June-2026-NETGEA… | vendor-advisory |
Impacted products
Date Public
2026-06-09 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T17:22:54.642384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T17:23:31.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RAX120v1",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.2.9.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAX120v2",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.2.9.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAX35",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.0.6.106",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAX38",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.0.6.106",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RAX40",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V1.0.6.106",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "talsonor"
}
],
"datePublic": "2026-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn improper implementation of TLS certificate validation vulnerability found in NETGEAR\u0027s ReadyCloud client app which could allow an attacker to perform\u0026nbsp;attacker-in-the-middle (MiTM) style attacks impacting the product\u0027s confidentiality. This vulnerability affects the listed NETGEAR models.\u003c/p\u003e"
}
],
"value": "An improper implementation of TLS certificate validation vulnerability found in NETGEAR\u0027s ReadyCloud client app which could allow an attacker to perform\u00a0attacker-in-the-middle (MiTM) style attacks impacting the product\u0027s confidentiality. This vulnerability affects the listed NETGEAR models."
}
],
"impacts": [
{
"capecId": "CAPEC-217",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-217 Exploiting Incorrectly Configured SSL/TLS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-325",
"description": "CWE-325 Missing cryptographic step",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T05:19:09.117Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rax35/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rax38/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rax40/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rax120v2/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX120v1 (EoS)\u003c/b\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax120v1\"\u003eV1.2.9.52\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX120v2\u003c/b\u003e Nighthawk AX12 12-Stream AX6000 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax120v2/\"\u003eV1.2.9.52\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35 (EoS)\u003c/b\u003e Nighthawk AX4 4-Stream WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax35/\"\u003eV1.0.6.106\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX38 (EoS)\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax38/\"\u003eV1.0.6.106\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX40 (EoS)\u003c/b\u003e Nighthawk AX4 4-Stream WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax40/\"\u003eV1.0.6.106\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
}
],
"value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionRAX120v1 (EoS) V1.2.9.52 https://www.netgear.com/support/product/rax120v1 RAX120v2 Nighthawk AX12 12-Stream AX6000 WiFi Router V1.2.9.52 https://www.netgear.com/support/product/rax120v2/ RAX35 (EoS) Nighthawk AX4 4-Stream WiFi 6 Router V1.0.6.106 https://www.netgear.com/support/product/rax35/ RAX38 (EoS) Nighthawk AX4 4-Stream AX3000 WiFi Router V1.0.6.106 https://www.netgear.com/support/product/rax38/ RAX40 (EoS) Nighthawk AX4 4-Stream WiFi Router V1.0.6.106 https://www.netgear.com/support/product/rax40/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Missing TLS certificate validation in NETGEAR\u0027s ReadyCloud client app",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0420",
"datePublished": "2026-06-09T15:50:53.619Z",
"dateReserved": "2025-12-03T04:16:27.690Z",
"dateUpdated": "2026-06-11T05:19:09.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-0420",
"date": "2026-06-11",
"epss": "0.00023",
"percentile": "0.06708"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-0420\",\"sourceIdentifier\":\"a2826606-91e7-4eb6-899e-8484bd4575d5\",\"published\":\"2026-06-09T17:17:00.147\",\"lastModified\":\"2026-06-11T07:16:26.570\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper implementation of TLS certificate validation vulnerability found in NETGEAR\u0027s ReadyCloud client app which could allow an attacker to perform\u00a0attacker-in-the-middle (MiTM) style attacks impacting the product\u0027s confidentiality. This vulnerability affects the listed NETGEAR models.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"a2826606-91e7-4eb6-899e-8484bd4575d5\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"a2826606-91e7-4eb6-899e-8484bd4575d5\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-325\"}]}],\"references\":[{\"url\":\"https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory\",\"source\":\"a2826606-91e7-4eb6-899e-8484bd4575d5\"},{\"url\":\"https://www.netgear.com/support/product/rax120v2/\",\"source\":\"a2826606-91e7-4eb6-899e-8484bd4575d5\"},{\"url\":\"https://www.netgear.com/support/product/rax35/\",\"source\":\"a2826606-91e7-4eb6-899e-8484bd4575d5\"},{\"url\":\"https://www.netgear.com/support/product/rax38/\",\"source\":\"a2826606-91e7-4eb6-899e-8484bd4575d5\"},{\"url\":\"https://www.netgear.com/support/product/rax40/\",\"source\":\"a2826606-91e7-4eb6-899e-8484bd4575d5\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-0420\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-09T17:22:54.642384Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-09T17:23:12.088Z\"}}], \"cna\": {\"title\": \"Missing TLS certificate validation in NETGEAR\u0027s ReadyCloud client app\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"talsonor\"}], \"impacts\": [{\"capecId\": \"CAPEC-217\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-217 Exploiting Incorrectly Configured SSL/TLS\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 4.6, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U\", \"exploitMaturity\": \"UNREPORTED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"NETGEAR\", \"product\": \"RAX120v1\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.2.9.52\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NETGEAR\", \"product\": \"RAX120v2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.2.9.52\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NETGEAR\", \"product\": \"RAX35\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.0.6.106\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NETGEAR\", \"product\": \"RAX38\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.0.6.106\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"NETGEAR\", \"product\": \"RAX40\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.0.6.106\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\\n\\nProductFixed VersionRAX120v1 (EoS) V1.2.9.52 https://www.netgear.com/support/product/rax120v1 RAX120v2 Nighthawk AX12 12-Stream AX6000 WiFi Router V1.2.9.52 https://www.netgear.com/support/product/rax120v2/ RAX35 (EoS) Nighthawk AX4 4-Stream WiFi 6 Router V1.0.6.106 https://www.netgear.com/support/product/rax35/ RAX38 (EoS) Nighthawk AX4 4-Stream AX3000 WiFi Router V1.0.6.106 https://www.netgear.com/support/product/rax38/ RAX40 (EoS) Nighthawk AX4 4-Stream WiFi Router V1.0.6.106 https://www.netgear.com/support/product/rax40/ \\n\\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX120v1 (EoS)\u003c/b\u003e\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.netgear.com/support/product/rax120v1\\\"\u003eV1.2.9.52\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX120v2\u003c/b\u003e Nighthawk AX12 12-Stream AX6000 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.netgear.com/support/product/rax120v2/\\\"\u003eV1.2.9.52\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35 (EoS)\u003c/b\u003e Nighthawk AX4 4-Stream WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.netgear.com/support/product/rax35/\\\"\u003eV1.0.6.106\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX38 (EoS)\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.netgear.com/support/product/rax38/\\\"\u003eV1.0.6.106\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX40 (EoS)\u003c/b\u003e Nighthawk AX4 4-Stream WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\\\"https://www.netgear.com/support/product/rax40/\\\"\u003eV1.0.6.106\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e\", \"base64\": false}]}], \"datePublic\": \"2026-06-09T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.netgear.com/support/product/rax35/\", \"tags\": [\"product\", \"patch\"]}, {\"url\": \"https://www.netgear.com/support/product/rax38/\", \"tags\": [\"product\", \"patch\"]}, {\"url\": \"https://www.netgear.com/support/product/rax40/\", \"tags\": [\"product\", \"patch\"]}, {\"url\": \"https://www.netgear.com/support/product/rax120v2/\", \"tags\": [\"product\", \"patch\"]}, {\"url\": \"https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.3\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An improper implementation of TLS certificate validation vulnerability found in NETGEAR\u0027s ReadyCloud client app which could allow an attacker to perform\\u00a0attacker-in-the-middle (MiTM) style attacks impacting the product\u0027s confidentiality. This vulnerability affects the listed NETGEAR models.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eAn improper implementation of TLS certificate validation vulnerability found in NETGEAR\u0027s ReadyCloud client app which could allow an attacker to perform\u0026nbsp;attacker-in-the-middle (MiTM) style attacks impacting the product\u0027s confidentiality. This vulnerability affects the listed NETGEAR models.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-325\", \"description\": \"CWE-325 Missing cryptographic step\"}]}], \"providerMetadata\": {\"orgId\": \"a2826606-91e7-4eb6-899e-8484bd4575d5\", \"shortName\": \"NETGEAR\", \"dateUpdated\": \"2026-06-11T05:19:09.117Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-0420\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-11T05:19:09.117Z\", \"dateReserved\": \"2025-12-03T04:16:27.690Z\", \"assignerOrgId\": \"a2826606-91e7-4eb6-899e-8484bd4575d5\", \"datePublished\": \"2026-06-09T15:50:53.619Z\", \"assignerShortName\": \"NETGEAR\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…