Netgear Rax30_firmware
33 CVEs affecting Netgear Rax30_firmware. Latest disclosed: 2026-06-09. Critical: 4, High: 23.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-44658 | Critical | 9.8 | 2025-07-21 | In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An att… |
| CVE-2023-1327 | Critical | 9.8 | 2023-03-14 | Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain adminis… |
| CVE-2023-27853 | Critical | 9.8 | 2023-03-10 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary c… |
| CVE-2023-27852 | Critical | 9.8 | 2023-03-10 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute a… |
| CVE-2026-9211 | High | 8.8 | 2026-06-09 | An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. |
| CVE-2023-51635 | High | 8.8 | 2024-11-22 | NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitra… |
| CVE-2023-40480 | High | 8.8 | 2024-05-03 | NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |
| CVE-2023-40479 | High | 8.8 | 2024-05-03 | NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on aff… |
| CVE-2023-35722 | High | 8.8 | 2024-05-03 | NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on aff… |
| CVE-2023-34285 | High | 8.8 | 2024-05-03 | NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to exec… |
| CVE-2023-27369 | High | 8.8 | 2024-05-03 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute ar… |
| CVE-2023-27368 | High | 8.8 | 2024-05-03 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arb… |
| CVE-2023-27360 | High | 8.8 | 2024-05-03 | NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on… |
| CVE-2023-27358 | High | 8.8 | 2024-05-03 | NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on… |
| CVE-2023-28337 | High | 8.8 | 2023-03-15 | When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complet… |
| CVE-2023-27851 | High | 8.8 | 2023-03-10 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbit… |
| CVE-2023-1205 | High | 8.8 | 2023-03-10 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF prot… |
| CVE-2022-47209 | High | 8.8 | 2022-12-16 | A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be… |
| CVE-2023-27367 | High | 8.0 | 2024-05-03 | NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code… |
| CVE-2023-27361 | High | 8.0 | 2024-05-03 | NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to exe… |