CVE-2026-0420

MEDIUM

NETGEAR RAX120v1 - Missing TLS Certificate Validation in ReadyCloud Client App

Title source: rule
STIX 2.1

Description

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.

Scores

CVSS v3 5.9
EPSS 0.0014
EPSS Percentile 3.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-325
Status published
Products (9)
netgear/rax120_firmware < 1.2.9.52
NETGEAR/RAX120v1 < V1.2.9.52
NETGEAR/RAX120v2 < V1.2.9.52
NETGEAR/RAX35 < V1.0.6.106
netgear/rax35_firmware < 1.0.6.106
NETGEAR/RAX38 < V1.0.6.106
netgear/rax38_firmware < 1.0.6.106
NETGEAR/RAX40 < V1.0.6.106
netgear/rax40_firmware < 1.0.6.106
Published Jun 09, 2026
Tracked Since Jun 09, 2026