CVE-2026-0420

Summary

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.

Affected Software

VendorProductVersion RangeStatus
NETGEARRAX120v10 < V1.2.9.52affected
NETGEARRAX120v20 < V1.2.9.52affected
NETGEARRAX350 < V1.0.6.106affected
NETGEARRAX380 < V1.0.6.106affected
NETGEARRAX400 < V1.0.6.106affected

Weaknesses

  • CWE-325: CWE-325 Missing cryptographic step

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References