Rax40 firmware

This hub aggregates every CVE we track for Rax40 firmware, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Rax40 firmware.

• CVE-2026-0420Missing TLS certificate validation in NETGEAR's ReadyCloud client app5.9Jun 9, 2026
• CVE-2023-27358NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability8.8May 3, 2024
• CVE-2022-27642This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this ...8.8Mar 29, 2023
• CVE-2022-27647This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit...8.0Mar 29, 2023
• CVE-2022-27645This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The...8.8Mar 29, 2023
• CVE-2022-48196Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX40 before 1.0.2.60, RAX35 before 1.0.2.60, R6400v2 before 1.0.4.122, R6700v3 before 1.0.4.1...7.4Dec 30, 2022
• CVE-2021-45493Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.7.6Dec 26, 2021
• CVE-2021-45549Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 ...8.4Dec 26, 2021
• CVE-2021-45604Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0....4.5Dec 26, 2021
• CVE-2021-45672Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1...4.2Dec 26, 2021
• CVE-2021-41449A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, ...7.1Dec 9, 2021
• CVE-2021-38526Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects RAX35 before 1.0.3.94, RAX38 before 1.0.3.94, and RAX40 before 1.0.3.94.4.3Aug 11, 2021
• CVE-2021-38533NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.5.4Aug 10, 2021
• CVE-2021-38535Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1...4.3Aug 10, 2021
• CVE-2021-38536Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1...4.3Aug 10, 2021