CVE-2019-20646
Description
NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NETGEAR RAX40 routers before firmware 1.0.3.64 expose administrative credentials, allowing attackers to gain full device control.
Vulnerability
CVE-2019-20646 is an administrative credential disclosure vulnerability affecting NETGEAR RAX40 routers running firmware versions prior to 1.0.3.64. The flaw allows an attacker to obtain the device's admin credentials, likely through an unauthenticated or insufficiently protected endpoint or mechanism within the router's web interface or firmware [1].
Exploitation
An attacker can exploit this vulnerability remotely without authentication, as the disclosure occurs over the network. The exact attack vector is not detailed in the available reference, but the advisory confirms that no special privileges or user interaction are required to trigger the credential leak [1].
Impact
Successful exploitation results in full disclosure of the router's administrative credentials. An attacker can then log in to the device with admin privileges, gaining complete control over the router's configuration, network traffic, and connected devices. This can lead to further compromise of the local network [1].
Mitigation
NETGEAR released firmware version 1.0.3.64 to fix this vulnerability. Users should update their RAX40 routers to this version or later immediately via the NETGEAR Support page. No workarounds are available for unpatched devices [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- NETGEAR/RAX40description
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.