Netgear: Security Vulnerabilities
An insufficient input validation vulnerability in NETGEAR Orbi devices'
DHCPv6 functionality allows network adjacent attackers authenticated
over WiFi or on LAN to execute OS command injections on the router.
DHCPv6 is not enabled by default.
CVSS Score
4.8
EPSS Score
0.011
Published
2026-01-13
An authentication bypass vulnerability in NETGEAR Orbi devices allows
users connected to the local network to access the router web interface
as an admin.
CVSS Score
6.1
EPSS Score
0.003
Published
2026-01-13
An insufficient input validation vulnerability in the NETGEAR XR1000v2
allows attackers connected to the router's LAN to execute OS command
injections.
CVSS Score
6.1
EPSS Score
0.002
Published
2026-01-13
An insufficient authentication vulnerability in NETGEAR WiFi range
extenders allows a network adjacent attacker with WiFi authentication or
a physical Ethernet port connection to bypass the authentication
process and access the admin panel.
CVSS Score
6.1
EPSS Score
0.002
Published
2026-01-13
Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.
CVSS Score
6.5
EPSS Score
0.008
Published
2025-12-23
Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.
CVSS Score
9.8
EPSS Score
0.01
Published
2025-12-23
Denial of Service Vulnerability in NETGEAR C6220 and C6230 (DOCSIS® 3.0 Two-in-one Cable Modem + WiFi Router) allows authenticated local WiFi users reboot the router.
CVSS Score
5.0
EPSS Score
0.002
Published
2025-12-09
A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation.
This issue affects R7000P: through 1.3.3.154.
CVSS Score
1.1
EPSS Score
0.016
Published
2025-12-09
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run.
This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.
CVSS Score
4.4
EPSS Score
0.003
Published
2025-12-09
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610
and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6
Access Points). An user having access to the syslog server can read the logs containing these credentials.
This issue affects WAX610: before 10.8.11.4; WAX610Y: before 10.8.11.4.
Devices
managed with Insight get automatic updates. If not, please check the firmware version
and update to the latest.
Fixed in:
WAX610 firmware
11.8.0.10 or later.
WAX610Y firmware
11.8.0.10 or later.
CVSS Score
0.5
EPSS Score
0.002
Published
2025-11-11