Netgear Rax40

25 CVEs affecting Netgear Rax40. Latest disclosed: 2026-06-09. Critical: 3, High: 11.

Top CVEs affecting Netgear Rax40
CVESeverityScorePublishedSummary
CVE-2019-20646Critical9.82020-04-15NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.
CVE-2020-26898Critical9.62020-10-09NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.
CVE-2020-35800Critical9.42020-12-30Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 befor…
CVE-2023-27358High8.82024-05-03NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on…
CVE-2022-27645High8.82023-03-29This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not requi…
CVE-2022-27642High8.82023-03-29This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentic…
CVE-2019-20641High8.82020-04-15NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level.
CVE-2021-45549High8.42021-12-26Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1…
CVE-2022-27647High8.02023-03-29This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although…
CVE-2019-20642High8.02020-04-15NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass.
CVE-2021-45493High7.62021-12-26Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before…
CVE-2019-20643High7.52020-04-15NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information.
CVE-2022-48196High7.42022-12-30Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 be…
CVE-2021-41449High7.12021-12-09A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access…
CVE-2026-0420Medium5.92026-06-09An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attack…
CVE-2019-20647Medium5.72020-04-15NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service.
CVE-2021-38533Medium5.42021-08-11NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.
CVE-2019-20645Medium4.82020-04-15NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.
CVE-2019-20644Medium4.82020-04-15NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.
CVE-2021-45604Medium4.52021-12-26Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D64…