CVE-2026-0420
Analyzed Analyzed - Analysis Complete

Improper TLS Certificate Validation in ReadyCloud Client

Publication date: 2026-06-09

Last updated on: 2026-06-18

Assigner: Netgear, Inc.

Description
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-18
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-0420
EUVD
EUVD-2026-35467

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
netgear rax120_firmware to 1.2.9.52 (exc)
netgear rax35_firmware to 1.0.6.106 (exc)
netgear rax38_firmware to 1.0.6.106 (exc)
netgear rax40_firmware to 1.0.6.106 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-325 The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an improper implementation of TLS certificate validation in the ReadyCloud client app by NETGEAR. It allows an attacker to perform man-in-the-middle (MiTM) style attacks by exploiting the flawed certificate validation process.

Such an attack can intercept or alter communications between the client app and the server, potentially compromising the confidentiality of the data transmitted.

Impact Analysis

The vulnerability can impact you by allowing an attacker to intercept sensitive information exchanged between your ReadyCloud client app and the server.

This could lead to unauthorized access to confidential data, loss of privacy, and potential exposure of sensitive information.

Compliance Impact

The vulnerability involves improper TLS certificate validation in the ReadyCloud client app, which can allow attacker-in-the-middle (MiTM) attacks impacting confidentiality.

Such a confidentiality impact could potentially affect compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data in transit.

However, the provided information does not explicitly state the direct effects on compliance with these standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0420. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart