Description
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.
Published: 2026-06-09
Score: 5.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability permits an unauthenticated user on the local network to take control of the router, enabling them to modify any configuration or settings. The weakness arises from insufficient input validation (CWE‑20). Gaining such control can compromise network confidentiality, integrity, and availability.

Affected Systems

The affected devices are NETGEAR routers built on the CAX30, RAX30, RAX5, and RAXE300 platforms. Vulnerable versions include CAX30 firmware up to V2.2.1.4, RAX30 firmware up to V1.0.10.94, RAX5 firmware up to V1.0.5.34, and RAXE300 firmware up to V1.0.10.72. Firmware versions beyond those listed contain the fix.

Risk and Exploitability

The CVSS score of 5.2 places the vulnerability in the moderate severity range. Although the official EPSS score is not available, the lack of external exploitation data suggests lower likelihood of public exploit, yet local attackers present a realistic threat. The vulnerability is not yet in the KEV catalog. An attacker on the LAN can send malicious commands to the router without authentication, potentially enabling network disruption or eavesdropping.

Generated by OpenCVE AI on June 9, 2026 at 17:42 UTC.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionCAX30 Nighthawk AX6 6-Stream WiFi 6 Cable Modem Router V2.2.1.4 https://www.netgear.com/support/product/cax30/ RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router V1.0.10.94 https://www.netgear.com/support/product/rax30/ RAX5 4-Stream AX1600 WiFi 6 Router V1.0.5.34 https://www.netgear.com/support/product/rax5/ RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router V1.0.10.72 https://www.netgear.com/support/product/raxe300/

OpenCVE Recommended Actions

  • Upgrade the router firmware to the latest version that includes the fix (e.g., CAX30 V2.2.1.4, RAX30 V1.0.10.94, RAX5 V1.0.5.34, or RAXE300 V1.0.10.72).
  • Change the router’s administrator password from the default to a strong, unique credential.
  • Disable or restrict remote management features and limit local network access to the router to trusted devices.

Generated by OpenCVE AI on June 9, 2026 at 17:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Netgear
Netgear cax30
Netgear rax30
Netgear rax5
Netgear raxe300
Vendors & Products Netgear
Netgear cax30
Netgear rax30
Netgear rax5
Netgear raxe300

Tue, 09 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.
Title Certain NETGEAR routers allow unauthenticated users to gain control of the router
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 5.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}

Subscriptions

Netgear Cax30 Rax30 Rax5 Raxe300
cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-10T18:16:48.508Z

Reserved: 2026-05-21T17:29:03.440Z

Link: CVE-2026-9211

cve-icon Vulnrichment

Updated: 2026-06-09T17:38:40.223Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:51.380

Modified: 2026-06-10T19:16:39.107

Link: CVE-2026-9211

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T20:20:25Z

Weaknesses
  • CWE-20

    Improper Input Validation