Search criteria

2 vulnerabilities found for CAX30 by NETGEAR

CVE-2026-9211 (GCVE-0-2026-9211)

Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-10 18:16
VLAI?
Title
Certain NETGEAR routers allow unauthenticated users to gain control of the router
Summary
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.
CWE
  • CWE-20 - Improper input validation
Assigner
Impacted products
Vendor Product Version
NETGEAR CAX30 Affected: 0 , < V2.2.1.4 (custom)
Create a notification for this product.
    NETGEAR RAX30 Affected: 0 , < V1.0.10.94 (custom)
Create a notification for this product.
    NETGEAR RAX5 Affected: 0 , < V1.0.5.34 (custom)
Create a notification for this product.
    NETGEAR RAXE300 Affected: 0 , < V1.0.10.72 (custom)
Create a notification for this product.
Credits
kaoken
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9211",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-10T03:59:26.298Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CAX30",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V2.2.1.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX30",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.10.94",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAX5",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.5.34",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RAXE300",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V1.0.10.72",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "kaoken"
        }
      ],
      "datePublic": "2026-06-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-33",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-33 HTTP Request Smuggling"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper input validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T18:16:48.508Z",
        "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "shortName": "NETGEAR"
      },
      "references": [
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/cax30/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rax30/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rax5/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/raxe300/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eCAX30\u003c/b\u003e Nighthawk AX6 6-Stream WiFi 6 Cable Modem Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/cax30/\"\u003eV2.2.1.4\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX30\u003c/b\u003e Nighthawk AX5 5-Stream AX2400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax30/\"\u003eV1.0.10.94\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX5\u003c/b\u003e 4-Stream AX1600 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax5/\"\u003eV1.0.5.34\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE300\u003c/b\u003e Nighthawk AXE7800 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe300/\"\u003eV1.0.10.72\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionCAX30 Nighthawk AX6 6-Stream WiFi 6 Cable Modem Router V2.2.1.4 https://www.netgear.com/support/product/cax30/ RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router V1.0.10.94 https://www.netgear.com/support/product/rax30/ RAX5 4-Stream AX1600 WiFi 6 Router V1.0.5.34 https://www.netgear.com/support/product/rax5/ RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router V1.0.10.72 https://www.netgear.com/support/product/raxe300/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Certain NETGEAR routers allow unauthenticated users to gain control of the router",
      "x_generator": {
        "engine": "Vulnogram 1.0.3"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
    "assignerShortName": "NETGEAR",
    "cveId": "CVE-2026-9211",
    "datePublished": "2026-06-09T15:50:48.437Z",
    "dateReserved": "2026-05-21T17:29:03.440Z",
    "dateUpdated": "2026-06-10T18:16:48.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-44445 (GCVE-0-2023-44445)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:14 – Updated: 2024-08-02 20:07
VLAI?
Title
NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability
Summary
NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sso binary. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19058.
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
zdi
Impacted products
Vendor Product Version
NETGEAR CAX30 Affected: 1.4.10.8
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:netgear:CAX30:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "CAX30",
            "vendor": "netgear",
            "versions": [
              {
                "status": "affected",
                "version": "1.4.10.8"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44445",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-06T14:25:44.214686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:19:28.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:07:33.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1636",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1636/"
          },
          {
            "name": "vendor-provided URL",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000065859/Security-Advisory-for-Pre-authentication-Buffer-Overflow-on-the-CAX30-PSV-2023-0093"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "CAX30",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.10.8"
            }
          ]
        }
      ],
      "dateAssigned": "2023-09-28T18:14:48.348Z",
      "datePublic": "2023-11-14T21:53:12.803Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the sso binary. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19058."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T02:14:08.089Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1636",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1636/"
        },
        {
          "name": "vendor-provided URL",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000065859/Security-Advisory-for-Pre-authentication-Buffer-Overflow-on-the-CAX30-PSV-2023-0093"
        }
      ],
      "source": {
        "lang": "en",
        "value": "Amol Dosanjh"
      },
      "title": "NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-44445",
    "datePublished": "2024-05-03T02:14:08.089Z",
    "dateReserved": "2023-09-28T18:02:49.775Z",
    "dateUpdated": "2024-08-02T20:07:33.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}