← back
CVE-2026-62656

Post-authenticated command injection vulnerability found in certain NETGEAR RAX models

CVSS 5.4 MEDIUMCWE-20
Vexday Risk Score
10Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
14 Jul 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation.
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P