Description
An improper implementation of TLS certificate validation vulnerability found in ReadyCloud client app which can allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting product's confidentiality. This vulnerability affects the listed NETGEAR models.
Published: 2026-06-09
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper implementation of TLS certificate validation in the ReadyCloud client app, allowing an attacker to perform a man‑in‑the‑middle style attack that compromises the confidentiality of data transmitted to the device. It is a certificate validation failure (CWE‑325).

Affected Systems

Affected devices are NETGEAR routers models RAX120v1, RAX120v2, RAX35, RAX38, and RAX40. The firmware versions that contain the fix are V1.2.9.52 for the 120 series, and V1.0.6.106 for the 35, 38, and 40 series. Devices that remain on older firmware are still vulnerable.

Risk and Exploitability

The CVSS score is 4.6, indicating a moderate impact. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. Based on the description, it is inferred that an attacker would need the ability to intercept TLS traffic between the device and its intended server, which typically requires remote or local network presence to exploit the missing validation. The overall risk is moderate, with the primary threat being confidentiality loss through intercepted traffic.

Generated by OpenCVE AI on June 9, 2026 at 17:22 UTC.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRAX120v1 (EoS) V1.2.9.52 https://www.netgear.com/support/product/rax120v1 RAX120v2 Nighthawk AX12 12-Stream AX6000 WiFi Router V1.2.9.52 https://www.netgear.com/support/product/rax120v2/ RAX35 (EoS) Nighthawk AX4 4-Stream WiFi 6 Router V1.0.6.106 https://www.netgear.com/support/product/rax35/ RAX38 (EoS) Nighthawk AX4 4-Stream AX3000 WiFi Router V1.0.6.106 https://www.netgear.com/support/product/rax38/ RAX40 (EoS) Nighthawk AX4 4-Stream WiFi Router V1.0.6.106 https://www.netgear.com/support/product/rax40/ Models marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.

OpenCVE Recommended Actions

  • Update the firmware on each affected NETGEAR router to the latest available release (e.g., RAX120v1 to firmware V1.2.9.52).
  • If a firmware update is not possible, retire the device and replace it with a newer NETGEAR model that receives ongoing security support.
  • Monitor network traffic for abnormal TLS behavior to detect potential man‑in‑the‑middle attacks during the transition period.

Generated by OpenCVE AI on June 9, 2026 at 17:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Netgear
Netgear rax120v1
Netgear rax120v2
Netgear rax35
Netgear rax38
Netgear rax40
Vendors & Products Netgear
Netgear rax120v1
Netgear rax120v2
Netgear rax35
Netgear rax38
Netgear rax40

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description An improper implementation of TLS certificate validation vulnerability found in ReadyCloud client app which can allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting product's confidentiality. This vulnerability affects the listed NETGEAR models.
Title Missing TLS certificate validation in ReadyCloud client app
Weaknesses CWE-325
References
Metrics cvssV4_0

{'score': 4.6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Netgear Rax120v1 Rax120v2 Rax35 Rax38 Rax40
cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-10T13:03:00.381Z

Reserved: 2025-12-03T04:16:27.690Z

Link: CVE-2026-0420

cve-icon Vulnrichment

Updated: 2026-06-09T17:23:12.088Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:00.147

Modified: 2026-06-10T14:16:31.257

Link: CVE-2026-0420

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T17:30:10Z

Weaknesses