Netgear Rax43 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Netgear Rax43 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2021-45614 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20…
CVE-2021-45620 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45613 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45612 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45622 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-45616 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before…
CVE-2021-45621 — CVSS 9.6 (critical): Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before…
CVE-2021-20166 — CVSS 8.8 (high): Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionality in the cgi-bin endpoint of the router…
CVE-2021-20170 — CVSS 8.8 (high): Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal users are intended to be able to…
CVE-2021-34991 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2…
CVE-2022-27642 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3…
CVE-2022-27645 — CVSS 8.8 (high): This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers…
CVE-2021-45549 — CVSS 8.4 (high): Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before…
CVE-2022-27647 — CVSS 8.0 (high): This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3…
CVE-2021-20167 — CVSS 8.0 (high): Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi application is vulnerable to command…
CVE-2025-12946 — CVSS 7.5 (high): A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on…
CVE-2021-20169 — CVSS 6.8 (medium): Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By default, all communication to/from the…
CVE-2021-20168 — CVSS 6.8 (medium): Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicious actor with physical access to the…
CVE-2021-34983 — CVSS 6.5 (medium): NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows…
CVE-2021-20171 — CVSS 5.5 (medium): Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and passwords for the device's associated services…
CVE-2026-9210 — CVSS 4.5 (medium): Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network…
CVE-2026-0418 — CVSS 4.5 (medium): Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper…
CVE-2026-0410 — CVSS 4.5 (medium): Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router…
CVE-2026-0417 — CVSS 4.5 (medium): Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local…
CVE-2021-45604 — CVSS 4.5 (medium): Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220…