Netgear Rax50 Firmware vulnerabilities
44 known vulnerabilities affecting netgear/rax50_firmware.
Total CVEs
44
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL19HIGH13MEDIUM12
Vulnerabilities
Page 1 of 3
CVE-2025-12946MEDIUMCVSS 4.4fixed in 1.2.14.1142025-12-09
CVE-2025-12946 [MEDIUM] CWE-20 CVE-2025-12946: A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper i
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run.
This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1
nvd
CVE-2024-57234CRITICALCVSS 9.8v1.0.2.262025-05-05
CVE-2024-57234 [CRITICAL] CWE-77 CVE-2024-57234: NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function.
nvd
CVE-2024-57229CRITICALCVSS 9.8v1.0.2.262025-05-05
CVE-2024-57229 [CRITICAL] CWE-77 CVE-2024-57229: NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function.
nvd
CVE-2024-57235CRITICALCVSS 9.8v1.0.2.262025-05-05
CVE-2024-57235 [CRITICAL] CWE-77 CVE-2024-57235: NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function.
nvd
CVE-2024-57230CRITICALCVSS 9.8v1.0.2.262025-05-05
CVE-2024-57230 [CRITICAL] CWE-77 CVE-2024-57230: NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function.
nvd
CVE-2024-57232CRITICALCVSS 9.8v1.0.2.262025-05-05
CVE-2024-57232 [CRITICAL] CWE-77 CVE-2024-57232: NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function.
nvd
CVE-2024-57233CRITICALCVSS 9.8v1.0.2.262025-05-05
CVE-2024-57233 [CRITICAL] CWE-77 CVE-2024-57233: NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerabil
NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function.
nvd
CVE-2024-57231CRITICALCVSS 9.8v1.0.2.262025-05-05
CVE-2024-57231 [CRITICAL] CWE-77 CVE-2024-57231: NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil
NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function.
nvd
CVE-2021-34982HIGHCVSS 8.8fixed in 1.0.4.1002024-05-07
CVE-2021-34982 [HIGH] CWE-121 CVE-2021-34982: NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This
NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the httpd service, which lis
nvd
CVE-2021-34983MEDIUMCVSS 6.5fixed in 1.0.4.1002024-05-07
CVE-2021-34983 [MEDIUM] CWE-306 CVE-2021-34983: NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure V
NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within
nvd
CVE-2023-35721HIGHCVSS 8.8fixed in 1.0.15.1282024-05-03
CVE-2023-35721 [HIGH] CWE-295 CVE-2023-35721: NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerabili
NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists
nvd
CVE-2022-27647HIGHCVSS 8.0fixed in 1.0.10.1102023-03-29
CVE-2022-27647 [HIGH] CWE-78 CVE-2022-27647: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided
nvd
CVE-2022-27642HIGHCVSS 8.8fixed in 1.0.10.1102023-03-29
CVE-2022-27642 [HIGH] CWE-863 CVE-2022-27642: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An
nvd
CVE-2022-27645HIGHCVSS 8.8fixed in 1.0.10.1102023-03-29
CVE-2022-27645 [HIGH] CWE-306 CVE-2022-27645: This vulnerability allows network-adjacent attackers to bypass authentication on affected installati
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacke
nvd
CVE-2021-45610CRITICALCVSS 9.8fixed in 1.0.2.822021-12-26
CVE-2021-45610 [CRITICAL] CWE-120 CVE-2021-45610: Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affec
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250 before 1.0.4.48, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R79
nvd
CVE-2021-45620CRITICALCVSS 9.8fixed in 1.0.3.962021-12-26
CVE-2021-45620 [CRITICAL] CWE-77 CVE-2021-45620: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.2
nvd
CVE-2021-45622CRITICALCVSS 9.8fixed in 1.0.3.962021-12-26
CVE-2021-45622 [CRITICAL] CWE-77 CVE-2021-45622: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1
nvd
CVE-2021-45616CRITICALCVSS 9.8fixed in 1.0.3.962021-12-26
CVE-2021-45616 [CRITICAL] CWE-77 CVE-2021-45616: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P bef
nvd
CVE-2021-45613CRITICALCVSS 9.8fixed in 1.0.3.962021-12-26
CVE-2021-45613 [CRITICAL] CWE-77 CVE-2021-45613: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.
nvd
CVE-2021-45614CRITICALCVSS 9.8fixed in 1.0.3.962021-12-26
CVE-2021-45614 [CRITICAL] CWE-77 CVE-2021-45614: Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before
nvd
1 / 3Next →