Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0420

Summary
Assigner-NETGEAR
Assigner Org ID-a2826606-91e7-4eb6-899e-8484bd4575d5
Published At-09 Jun, 2026 | 15:50
Updated At-11 Jun, 2026 | 05:19
Rejected At-
Credits

Missing TLS certificate validation in NETGEAR's ReadyCloud client app

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:NETGEAR
Assigner Org ID:a2826606-91e7-4eb6-899e-8484bd4575d5
Published At:09 Jun, 2026 | 15:50
Updated At:11 Jun, 2026 | 05:19
Rejected At:
▼CVE Numbering Authority (CNA)
Missing TLS certificate validation in NETGEAR's ReadyCloud client app

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.

Affected Products
Vendor
NETGEAR, Inc.NETGEAR
Product
RAX120v1
Default Status
unaffected
Versions
Affected
  • From 0 before V1.2.9.52 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RAX120v2
Default Status
unaffected
Versions
Affected
  • From 0 before V1.2.9.52 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RAX35
Default Status
unaffected
Versions
Affected
  • From 0 before V1.0.6.106 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RAX38
Default Status
unaffected
Versions
Affected
  • From 0 before V1.0.6.106 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RAX40
Default Status
unaffected
Versions
Affected
  • From 0 before V1.0.6.106 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-325CWE-325 Missing cryptographic step
Type: CWE
CWE ID: CWE-325
Description: CWE-325 Missing cryptographic step
Metrics
VersionBase scoreBase severityVector
4.04.6MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Version: 4.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-217CAPEC-217 Exploiting Incorrectly Configured SSL/TLS
CAPEC ID: CAPEC-217
Description: CAPEC-217 Exploiting Incorrectly Configured SSL/TLS
Solutions

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRAX120v1 (EoS) V1.2.9.52 https://www.netgear.com/support/product/rax120v1 RAX120v2 Nighthawk AX12 12-Stream AX6000 WiFi Router V1.2.9.52 https://www.netgear.com/support/product/rax120v2/ RAX35 (EoS) Nighthawk AX4 4-Stream WiFi 6 Router V1.0.6.106 https://www.netgear.com/support/product/rax35/ RAX38 (EoS) Nighthawk AX4 4-Stream AX3000 WiFi Router V1.0.6.106 https://www.netgear.com/support/product/rax38/ RAX40 (EoS) Nighthawk AX4 4-Stream WiFi Router V1.0.6.106 https://www.netgear.com/support/product/rax40/ Models marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.

Configurations
Workarounds
Exploits
Credits
finder
talsonor
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.netgear.com/support/product/rax35/
product
patch
https://www.netgear.com/support/product/rax38/
product
patch
https://www.netgear.com/support/product/rax40/
product
patch
https://www.netgear.com/support/product/rax120v2/
product
patch
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
vendor-advisory
Hyperlink: https://www.netgear.com/support/product/rax35/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rax38/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rax40/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/rax120v2/
Resource:
product
patch
Hyperlink: https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:a2826606-91e7-4eb6-899e-8484bd4575d5
Published At:09 Jun, 2026 | 17:17
Updated At:11 Jun, 2026 | 07:16

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.6MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-325Secondarya2826606-91e7-4eb6-899e-8484bd4575d5
CWE ID: CWE-325
Type: Secondary
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisorya2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rax120v2/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rax35/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rax38/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/rax40/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
Hyperlink: https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rax120v2/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rax35/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rax38/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/rax40/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found