Description
A
security flaw was found in certain NETGEAR RAX models that could allow
a logged-in user to send specially crafted requests to the router and run
unauthorized commands. This could enable the user to make unauthorized changes
to the router and affect its security and operation.
Published: 2026-07-14
Score: 5.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe500/

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Jul 2026 18:15:00 +0000

Type Values Removed Values Added
Description A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation.
Title Post-authenticated command injection vulnerability found in certain NETGEAR RAX models
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 5.4, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-07-14T17:46:15.194Z

Reserved: 2026-07-14T16:31:02.508Z

Link: CVE-2026-62656

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses