Netgear Rax40_firmware
25 CVEs affecting Netgear Rax40_firmware. Latest disclosed: 2026-06-09. Critical: 3, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-20646 | Critical | 9.8 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. |
CVE-2020-26898 | Critical | 9.6 | 2020-10-09 | NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. |
CVE-2020-35800 | Critical | 9.4 | 2020-12-30 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 befor… |
CVE-2023-27358 | High | 8.8 | 2024-05-03 | NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on… |
CVE-2022-27645 | High | 8.8 | 2023-03-29 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not requi… |
CVE-2022-27642 | High | 8.8 | 2023-03-29 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentic… |
CVE-2019-20641 | High | 8.8 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access control at the function level. |
CVE-2021-45549 | High | 8.4 | 2021-12-26 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1… |
CVE-2022-27647 | High | 8.0 | 2023-03-29 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although… |
CVE-2019-20642 | High | 8.0 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication bypass. |
CVE-2021-45493 | High | 7.6 | 2021-12-26 | Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before… |
CVE-2019-20643 | High | 7.5 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of sensitive information. |
CVE-2022-48196 | High | 7.4 | 2022-12-30 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 be… |
CVE-2021-41449 | High | 7.1 | 2021-12-09 | A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access… |
CVE-2026-0420 | Medium | 5.9 | 2026-06-09 | An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attack… |
CVE-2019-20647 | Medium | 5.7 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of service. |
CVE-2021-38533 | Medium | 5.4 | 2021-08-11 | NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. |
CVE-2019-20645 | Medium | 4.8 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. |
CVE-2019-20644 | Medium | 4.8 | 2020-04-15 | NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS. |
CVE-2021-45604 | Medium | 4.5 | 2021-12-26 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D64… |