CVE-2026-62657
4.9
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
Summary
A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take control of the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NETGEAR | MR70 | 0 < V1.0.4.48 | affected |
| NETGEAR | MS70 | 0 < V1.0.4.48 | affected |
| NETGEAR | RAXE500 | 0 < V1.2.14.114 | affected |
| NETGEAR | XR1000 | 0 < V1.0.2.86 | affected |
Weaknesses
- CWE-599: CWE-599 Missing validation of OpenSSL certificate
References
- https://www.netgear.com/support/product/mr70/
- https://www.netgear.com/support/product/raxe500/
- https://www.netgear.com/support/product/ms70/
- https://www.netgear.com/support/product/xr1000/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.