Back to overview

CVE-2026-62657

MEDIUM
4.9
CVSS 4.0
Description
A security flaw in the router's certificate validation process was discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take control of the device.

Metadata

CVE ID
CVE-2026-62657
State
PUBLISHED
Assigner
NETGEAR
Reserved
2026-07-14 16:31 UTC
Published
2026-07-14 17:46 UTC
Last updated
2026-07-14 17:46 UTC
Primary CWE
CWE-599
CWE-599 Missing validation of OpenSSL certificate
Vendor / Product
NETGEAR / MR70
Sources
cve.org  ·  NVD

Severity & Metrics

4.9 MEDIUM CVSS 4.0
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
Affected products (4)
VendorProductPlatformVersions
NETGEAR MR70 0 < V1.0.4.48
NETGEAR MS70 0 < V1.0.4.48
NETGEAR RAXE500 0 < V1.2.14.114
NETGEAR XR1000 0 < V1.0.2.86
Weakness (CWE)
CWESourceDescription
CWE-599 cna CWE-599 Missing validation of OpenSSL certificate
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.9 MEDIUM 4.0 cna CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
Back to overview