CVE-2025-12943

UNKNOWN 0.0

Improper certificate validation in firmware update logic in NETGEAR RAX30 and RAXE300

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update to the latest. Fixed in: RAX30 firmware 1.0.14.108 or later. RAXE300 firmware 1.0.9.82 or later

CWE	CWE-295
Vendor	netgear
Product	rax30
Published	Nov 11, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for netgear rax30

Be the first to know when new unknown vulnerabilities affecting netgear rax30 are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

NETGEAR / RAX30

0 < 1.0.10.95

NETGEAR / RAXE300

0 < 1.0.9.82

References

NVD ↗ CVE.org ↗ EPSS Data ↗

netgear.com: https://www.netgear.com/support/product/rax30 netgear.com: https://www.netgear.com/support/product/raxe300 kb.netgear.com: https://kb.netgear.com/000070355/NETGEAR-Security-Advisories-November-2025

Credits

rqu4