that could allow someone already logged in to the device to run unauthorized commands
or code on the router.
No analysis available yet.
Vendor Solution
Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.17.142 https://www.netgear.com/support/product/rax43/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.17.142 https://www.netgear.com/support/product/rax45/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.17.142 https://www.netgear.com/support/product/rax50/ RAX54S Nighthawk AX6 6-Stream AX5400 WiFi Router V1.0.17.142 https://www.netgear.com/support/product/rax54s/ RAX54Sv2 Nighthawk AX6 6-Stream AX5400 WiFi Router V1.1.6.36 https://www.netgear.com/support/product/rax54sv2/ Models marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to the device to run unauthorized commands or code on the router. | |
| Title | Post-authentication Command Injection Vulnerability in certain Nighthawk RAX series models | |
| Weaknesses | CWE-20 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: NETGEAR
Published:
Updated: 2026-07-14T17:46:12.018Z
Reserved: 2026-07-14T16:31:02.509Z
Link: CVE-2026-62658
No data.
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-20
Improper Input Validation