Home

Description

An improper implementation of TLS certificate validation vulnerability found in ReadyCloud client app which can allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting product's confidentiality. This vulnerability affects the listed NETGEAR models.

PUBLISHED Reserved 2025-12-03 | Published 2026-06-09 | Updated 2026-06-10 | Assigner NETGEAR




MEDIUM: 4.6CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-325 Missing cryptographic step

Product status

Default status
unaffected

Any version before V1.2.9.52
affected

Default status
unaffected

Any version before V1.2.9.52
affected

Default status
unaffected

Any version before V1.0.6.106
affected

Default status
unaffected

Any version before V1.0.6.106
affected

Default status
unaffected

Any version before V1.0.6.106
affected

Credits

talsonor finder

References

www.netgear.com/support/product/rax35/ product patch

www.netgear.com/support/product/rax38/ product patch

www.netgear.com/support/product/rax40/ product patch

www.netgear.com/support/product/rax120v2/ product patch

kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory vendor-advisory

cve.org (CVE-2026-0420)

nvd.nist.gov (CVE-2026-0420)

Download JSON