CVE-2026-62657
MEDIUM
4.9
CVSS 4.0
Description
A security flaw in the router's certificate validation process was
discovered in the NETGEAR XR1000 Gaming Router and certain Nighthawk models that could allow an unauthorized person to remotely access and take
control of the device.
Metadata
Severity & Metrics
4.9
MEDIUM CVSS 4.0
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
Affected products (4)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| NETGEAR | MR70 | — | 0 < V1.0.4.48 |
| NETGEAR | MS70 | — | 0 < V1.0.4.48 |
| NETGEAR | RAXE500 | — | 0 < V1.2.14.114 |
| NETGEAR | XR1000 | — | 0 < V1.0.2.86 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-599 | cna | CWE-599 Missing validation of OpenSSL certificate |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 4.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber |
References (4)