Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for WAX333 by NETGEAR
CVE-2026-62659 (GCVE-0-2026-62659)
Vulnerability from nvd – Published: 2026-07-14 17:48 – Updated: 2026-07-14 17:48
VLAI
EPSS
VEX
Title
Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points
Summary
A
security flaw was discovered in the NETGEAR WAX333 Access Point that could
allow someone already logged in and connected to the local network to make
unauthorized changes to the device's settings
Severity
CWE
- CWE-20 - Improper input validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/wax333 | patchproduct |
Impacted products
Date Public
2026-07-14 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WAX333",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V2.8.0.100",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ziqiweiaaa"
}
],
"datePublic": "2026-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\n\n\u003cp\u003eA\nsecurity flaw was discovered in the NETGEAR WAX333 Access Point that could\nallow someone already logged in and connected to the local network to make\nunauthorized changes to the device\u0027s settings\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\n\n\u003c/div\u003e"
}
],
"value": "A\nsecurity flaw was discovered in the NETGEAR WAX333 Access Point that could\nallow someone already logged in and connected to the local network to make\nunauthorized changes to the device\u0027s settings"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:48:45.532Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/wax333"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eWAX333\u003c/b\u003e Insight Managed WiFi 6 AX3000 Dual-band Access Point with Gigabit PoE (3-pack)\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/WAX333/\"\u003eV2.8.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionWAX333 Insight Managed WiFi 6 AX3000 Dual-band Access Point with Gigabit PoE (3-pack) V2.8.0.100 https://www.netgear.com/support/product/WAX333/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-62659",
"datePublished": "2026-07-14T17:48:45.532Z",
"dateReserved": "2026-07-14T16:31:02.509Z",
"dateUpdated": "2026-07-14T17:48:45.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-62659 (GCVE-0-2026-62659)
Vulnerability from cvelistv5 – Published: 2026-07-14 17:48 – Updated: 2026-07-14 17:48
VLAI
EPSS
VEX
Title
Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points
Summary
A
security flaw was discovered in the NETGEAR WAX333 Access Point that could
allow someone already logged in and connected to the local network to make
unauthorized changes to the device's settings
Severity
CWE
- CWE-20 - Improper input validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/wax333 | patchproduct |
Impacted products
Date Public
2026-07-14 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WAX333",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V2.8.0.100",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ziqiweiaaa"
}
],
"datePublic": "2026-07-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003c/p\u003e\u003cdiv\u003e\n\n\u003cp\u003eA\nsecurity flaw was discovered in the NETGEAR WAX333 Access Point that could\nallow someone already logged in and connected to the local network to make\nunauthorized changes to the device\u0027s settings\u003cb\u003e\u003c/b\u003e\u003c/p\u003e\n\n\u003c/div\u003e"
}
],
"value": "A\nsecurity flaw was discovered in the NETGEAR WAX333 Access Point that could\nallow someone already logged in and connected to the local network to make\nunauthorized changes to the device\u0027s settings"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T17:48:45.532Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"patch",
"product"
],
"url": "https://www.netgear.com/support/product/wax333"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eWAX333\u003c/b\u003e Insight Managed WiFi 6 AX3000 Dual-band Access Point with Gigabit PoE (3-pack)\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/WAX333/\"\u003eV2.8.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionWAX333 Insight Managed WiFi 6 AX3000 Dual-band Access Point with Gigabit PoE (3-pack) V2.8.0.100 https://www.netgear.com/support/product/WAX333/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authenticated users can make unauthorized changes on NETGEAR WAX333 Access Points",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-62659",
"datePublished": "2026-07-14T17:48:45.532Z",
"dateReserved": "2026-07-14T16:31:02.509Z",
"dateUpdated": "2026-07-14T17:48:45.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}