NETGEAR RAXE300 firmware vulnerabilities

3 known vulnerabilities affecting netgear/raxe300_firmware.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2025-12943 | MEDIUM | CVSS 5.2 | fixed in 1.0.9.82 | 2025-11-11
CWE-295: Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled m
nvd
CVE-2023-27358 | HIGH | CVSS 8.8 | fixed in 1.0.10.94 | 2024-05-03
CWE-89: NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of specific SOAP requests. The issue
nvd
CVE-2023-27356 | HIGH | CVSS 8.0 | fixed in 1.0.10.94 | 2024-05-03
CWE-78: NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exist
nvd