Description
A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers
that could allow someone already logged in to the device to run unauthorized commands
or code on the router.
Published: 2026-07-14
Score: 4.7 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.17.142 https://www.netgear.com/support/product/rax43/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.17.142 https://www.netgear.com/support/product/rax45/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.17.142 https://www.netgear.com/support/product/rax50/ RAX54S Nighthawk AX6 6-Stream AX5400 WiFi Router V1.0.17.142 https://www.netgear.com/support/product/rax54s/ RAX54Sv2 Nighthawk AX6 6-Stream AX5400 WiFi Router V1.1.6.36 https://www.netgear.com/support/product/rax54sv2/ Models marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Jul 2026 18:15:00 +0000

Type Values Removed Values Added
Description A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to the device to run unauthorized commands or code on the router.
Title Post-authentication Command Injection Vulnerability in certain Nighthawk RAX series models
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 4.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-07-14T17:46:12.018Z

Reserved: 2026-07-14T16:31:02.509Z

Link: CVE-2026-62658

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses