Home

Description

A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take control of the device.

PUBLISHED Reserved 2026-07-14 | Published 2026-07-14 | Updated 2026-07-14 | Assigner NETGEAR




MEDIUM: 4.9CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

Problem types

CWE-599 Missing validation of OpenSSL certificate

Product status

Default status
unaffected

Any version before V1.0.4.48
affected

Default status
unaffected

Any version before V1.0.4.48
affected

Default status
unaffected

Any version before V1.2.14.114
affected

Default status
unaffected

Any version before V1.0.2.86
affected

Credits

fluorescent finder

References

www.netgear.com/support/product/mr70/ product patch

www.netgear.com/support/product/raxe500/ product patch

www.netgear.com/support/product/ms70/ product patch

www.netgear.com/support/product/xr1000/ product patch

cve.org (CVE-2026-62657)

nvd.nist.gov (CVE-2026-62657)

Download JSON