Description
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.
Published: 2026-06-09
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from an improper implementation of TLS certificate validation in NETGEAR's ReadyCloud client app, allowing an attacker to conduct man‑in‑the‑middle style attacks that compromise the confidentiality of data transmitted to the device. This is a certificate validation failure (CWE‑325).

Affected Systems

Affected devices are the NETGEAR router models RAX120v1, RAX120v2, RAX35, RAX38, and RAX40. The firmware versions that contain the fix are V1.2.9.52 for the RAX120 series and V1.0.6.106 for the RAX35, RAX38, and RAX40. Devices that remain on older firmware are still vulnerable.

Risk and Exploitability

The CVSS score is 4.6, indicating a moderate impact. The EPSS score is 0.00021 (< 1%), and the vulnerability is not listed in CISA KEV. Based on the description, an attacker would need the ability to intercept TLS traffic between the device and its intended server, which typically requires a remote or local presence on that network path in order to exploit the missing validation. The overall risk is moderate, with the primary threat being loss of confidentiality through intercepted traffic.

Generated by OpenCVE AI on June 11, 2026 at 07:51 UTC.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest.

Fixed in:

Product | Fixed Version | Link
RAX120v1 (EoS) | V1.2.9.52 | https://www.netgear.com/support/product/rax120v1
RAX120v2 Nighthawk AX12 12-Stream AX6000 WiFi Router | V1.2.9.52 | https://www.netgear.com/support/product/rax120v2/
RAX35 (EoS) Nighthawk AX4 4-Stream WiFi 6 Router | V1.0.6.106 | https://www.netgear.com/support/product/rax35/
RAX38 (EoS) Nighthawk AX4 4-Stream AX3000 WiFi Router | V1.0.6.106 | https://www.netgear.com/support/product/rax38/
RAX40 (EoS) Nighthawk AX4 4-Stream WiFi Router | V1.0.6.106 | https://www.netgear.com/support/product/rax40/

Models marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.


OpenCVE Recommended Actions

  • Update the firmware on each affected NETGEAR router to the latest available release (e.g., RAX120v1 to firmware V1.2.9.52).
  • If a firmware update is not possible, retire the device and replace it with a newer NETGEAR model that receives ongoing security support.
  • Monitor network traffic for abnormal TLS behavior to detect potential man‑in‑the‑middle attacks during the transition period.

Generated by OpenCVE AI on June 11, 2026 at 07:51 UTC.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 06:45:00 +0000

Type: Description
  Values Removed: An improper implementation of TLS certificate validation vulnerability found in ReadyCloud client app which can allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting product's confidentiality. This vulnerability affects the listed NETGEAR models.
  Values Added: An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.
Type: Title
  Values Removed: Missing TLS certificate validation in ReadyCloud client app
  Values Added: Missing TLS certificate validation in NETGEAR's ReadyCloud client app

Wed, 10 Jun 2026 13:30:00 +0000

Type: References
  Values Removed: (none)
  Values Added: (not shown)

Tue, 09 Jun 2026 18:30:00 +0000

Type: Metrics
  Values Added: ssvc
  {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 17:45:00 +0000

Type: First Time appeared
  Values Added: Netgear, Netgear rax120v1, Netgear rax120v2, Netgear rax35, Netgear rax38, Netgear rax40
Type: Vendors & Products
  Values Added: Netgear, Netgear rax120v1, Netgear rax120v2, Netgear rax35, Netgear rax38, Netgear rax40

Tue, 09 Jun 2026 16:30:00 +0000

Type: Description
  Values Added: An improper implementation of TLS certificate validation vulnerability found in ReadyCloud client app which can allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting product's confidentiality. This vulnerability affects the listed NETGEAR models.
Type: Title
  Values Added: Missing TLS certificate validation in ReadyCloud client app
Type: Weaknesses
  Values Added: CWE-325
Type: References
  Values Added: (not shown)
Type: Metrics
  Values Added: cvssV4_0
  {'score': 4.6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-11T05:19:09.117Z

Reserved: 2025-12-03T04:16:27.690Z

Link: CVE-2026-0420

Vulnrichment

Updated: 2026-06-09T17:23:12.088Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:00.147

Modified: 2026-06-11T07:16:26.570

Link: CVE-2026-0420

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T08:00:15Z

Weaknesses
  • CWE-325: Missing Cryptographic Step