4.6

CVE-2026-0420

Missing TLS certificate validation in NETGEAR's ReadyCloud client app

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerNETGEAR
Produkt RAX120v1
Default Statusunaffected
Version 0
Version < V1.2.9.52
Status affected
HerstellerNETGEAR
Produkt RAX120v2
Default Statusunaffected
Version 0
Version < V1.2.9.52
Status affected
HerstellerNETGEAR
Produkt RAX35
Default Statusunaffected
Version 0
Version < V1.0.6.106
Status affected
HerstellerNETGEAR
Produkt RAX38
Default Statusunaffected
Version 0
Version < V1.0.6.106
Status affected
HerstellerNETGEAR
Produkt RAX40
Default Statusunaffected
Version 0
Version < V1.0.6.106
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.033
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
a2826606-91e7-4eb6-899e-8484bd4575d5 4.6 0 0
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-325 Missing Cryptographic Step

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

https://www.netgear.com/support/product/rax35/
https://www.netgear.com/support/product/rax38/
https://www.netgear.com/support/product/rax40/
https://www.netgear.com/support/product/rax120v2/
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory