Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

342 matches found

Nuclei
Nucleiadded 17 hours ago28 views

NETGEAR - Authentication Bypass

NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations. id:...

8.8CVSS7.3AI score0.9036EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/01/29 3:26 a.m.3 views

CVE-2022-40619

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsqaccesstoken parameter. This affects R6230 before...

7.7CVSS6AI score0.02383EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/29 3:26 a.m.4 views

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

7.7CVSS6.4AI score0.00106EPSS
Exploits1References1
OSV
OSVadded 2026/01/28 7:16 p.m.0 views

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

7.7CVSS6.3AI score
Exploits0References2
NVD
NVDadded 2026/01/28 7:16 p.m.2 views

CVE-2022-40619

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsqaccesstoken parameter. This affects R6230 before...

7.7CVSS0.02383EPSS
Exploits1References2
OSV
OSVadded 2026/01/28 7:16 p.m.0 views

CVE-2022-40619

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsqaccesstoken parameter. This affects R6230 before...

7.7CVSS5.9AI score
Exploits0References2
CVE
CVEadded 2026/01/28 12:0 a.m.18 views

CVE-2022-40619

CVE-2022-40619 concerns a vulnerability in the FunJSQ third‑party module used on some NETGEAR routers and Orbi WiFi Systems. The affected component is an HTTP server exposed on the device LAN interface, which accepts unauthenticated commands via the funjsq_access_token parameter, enabling arbitra...

7.7CVSS6AI score0.02383EPSS
In wildExploits1References2Affected Software1
Cvelist
Cvelistadded 2026/01/28 12:0 a.m.16 views

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

0.00106EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/01/28 12:0 a.m.25 views

CVE-2022-40619

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsqaccesstoken parameter. This affects R6230 before...

0.02383EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/01/28 12:0 a.m.1 views

CVE-2022-40619

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsqaccesstoken parameter. This affects R6230 before...

6AI score0.02383EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/01/28 12:0 a.m.2 views

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

6.4AI score0.00106EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/01/28 12:0 a.m.2 views

NETGEAR’s various products have security vulnerabilities

NETGEAR R6260 is a product of the American company NETGEAR. The NETGEAR R6260 is a router. The NETGEAR R6230 is also a router. Netgear R7000 is another product of NETGEAR. The Netgear R7000 is a wireless router. Several NETGEAR products have security vulnerabilities. These vulnerabilities stem fr...

7.7CVSS6.1AI score0.00106EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEVadded 2026/01/26 12:0 a.m.1 views

VulnCheck KEV: CVE-2022-40619

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsqaccesstoken parameter. This affects R6230 before...

7.7CVSS5.9AI score0.02383EPSS
In wildExploits1References5
RedhatCVE
RedhatCVEadded 2026/01/09 11:36 a.m.7 views

CVE-2021-41449

A path traversal attack in web interfaces of Netgear RAX35, RAX38, and RAX40 routers before v1.0.4.102, allows a remote unauthenticated attacker to gain access to sensitive restricted information, such as forbidden files of the web application, via sending a specially crafted HTTP packet...

7.1CVSS7.2AI score0.01438EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:7 a.m.11 views

CVE-2020-17409

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists...

6.5CVSS6AI score0.00299EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEVadded 2025/12/14 12:0 a.m.8 views

VulnCheck KEV: CVE-2020-27866

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Authentication is not required to exploit this...

8.8CVSS5.5AI score0.9036EPSS
In wildExploits0References122
RedhatCVE
RedhatCVEadded 2025/12/10 5:17 p.m.3 views

CVE-2025-12946

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques MiTM to manipulate DNS responses and execute commands when speedtests are run. This issue...

7.3CVSS7.2AI score0.00053EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/11/12 5:7 p.m.2 views

CVE-2025-12943

Improper certificate validation in firmware update logic in NETGEAR RAX30 Nighthawk AX5 5-Stream AX2400 WiFi 6 Router and RAXE300 Nighthawk AXE7800 Tri-Band WiFi 6E Router allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the...

7.7CVSS7.6AI score0.00019EPSS
Exploits0References1
CVE
CVEadded 2025/11/11 4:17 p.m.4 views

CVE-2025-12943

CVE-2025-12943 involves NETGEAR RAX30 and RAXE300 devices, where improper certificate validation in the firmware update logic lets an attacker who can intercept and modify traffic potentially execute arbitrary commands on the device. Affected products: NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400...

7.7CVSS7.3AI score0.00019EPSS
Exploits0References3Affected Software1
VulnCheck KEV
VulnCheck KEVadded 2025/10/09 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-27867

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers. Although authentication is required to exploit...

7.7CVSS6.1AI score0.00164EPSS
In wildExploits0References112
Rows per page
Query Builder