Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for WAX333 by NETGEAR

    CVE-2026-62659 (GCVE-0-2026-62659)

    Vulnerability from nvd – Published: 2026-07-14 17:48 – Updated: 2026-07-14 17:48
    VLAI
    Title
    Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points
    Summary
    A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to make unauthorized changes to the device's settings
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    NETGEAR WAX333 Affected: 0 , < V2.8.0.100 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 00:00
    Credits
    ziqiweiaaa
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WAX333",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V2.8.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ziqiweiaaa"
            }
          ],
          "datePublic": "2026-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\n\n\u003cp\u003eA\nsecurity flaw was discovered in the NETGEAR WAX333 Access Point that could\nallow someone already logged in and connected to the local network to make\nunauthorized changes to the device\u0027s settings\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\n\n\u003c/div\u003e"
                }
              ],
              "value": "A\nsecurity flaw was discovered in the NETGEAR WAX333 Access Point that could\nallow someone already logged in and connected to the local network to make\nunauthorized changes to the device\u0027s settings"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T17:48:45.532Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "patch",
                "product"
              ],
              "url": "https://www.netgear.com/support/product/wax333"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eWAX333\u003c/b\u003e Insight Managed WiFi 6 AX3000 Dual-band Access Point with Gigabit PoE (3-pack)\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/WAX333/\"\u003eV2.8.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionWAX333 Insight Managed WiFi 6 AX3000 Dual-band Access Point with Gigabit PoE (3-pack) V2.8.0.100 https://www.netgear.com/support/product/WAX333/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-62659",
        "datePublished": "2026-07-14T17:48:45.532Z",
        "dateReserved": "2026-07-14T16:31:02.509Z",
        "dateUpdated": "2026-07-14T17:48:45.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-62659 (GCVE-0-2026-62659)

    Vulnerability from cvelistv5 – Published: 2026-07-14 17:48 – Updated: 2026-07-14 17:48
    VLAI
    Title
    Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points
    Summary
    A security flaw was discovered in the NETGEAR WAX333 Access Point that could allow someone already logged in and connected to the local network to make unauthorized changes to the device's settings
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    NETGEAR WAX333 Affected: 0 , < V2.8.0.100 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 00:00
    Credits
    ziqiweiaaa
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WAX333",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V2.8.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ziqiweiaaa"
            }
          ],
          "datePublic": "2026-07-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\n\n\u003cp\u003eA\nsecurity flaw was discovered in the NETGEAR WAX333 Access Point that could\nallow someone already logged in and connected to the local network to make\nunauthorized changes to the device\u0027s settings\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\n\n\u003c/div\u003e"
                }
              ],
              "value": "A\nsecurity flaw was discovered in the NETGEAR WAX333 Access Point that could\nallow someone already logged in and connected to the local network to make\nunauthorized changes to the device\u0027s settings"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T17:48:45.532Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "patch",
                "product"
              ],
              "url": "https://www.netgear.com/support/product/wax333"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eWAX333\u003c/b\u003e Insight Managed WiFi 6 AX3000 Dual-band Access Point with Gigabit PoE (3-pack)\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/WAX333/\"\u003eV2.8.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionWAX333 Insight Managed WiFi 6 AX3000 Dual-band Access Point with Gigabit PoE (3-pack) V2.8.0.100 https://www.netgear.com/support/product/WAX333/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-62659",
        "datePublished": "2026-07-14T17:48:45.532Z",
        "dateReserved": "2026-07-14T16:31:02.509Z",
        "dateUpdated": "2026-07-14T17:48:45.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }