Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-0416

Summary
Assigner-NETGEAR
Assigner Org ID-a2826606-91e7-4eb6-899e-8484bd4575d5
Published At-09 Jun, 2026 | 15:50
Updated At-11 Jun, 2026 | 06:02
Rejected At-
Credits

Improper input validation in certain NETGEAR routers allows unauthorized modification of protected router functionality

An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:NETGEAR
Assigner Org ID:a2826606-91e7-4eb6-899e-8484bd4575d5
Published At:09 Jun, 2026 | 15:50
Updated At:11 Jun, 2026 | 06:02
Rejected At:
▼CVE Numbering Authority (CNA)
Improper input validation in certain NETGEAR routers allows unauthorized modification of protected router functionality

An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.

Affected Products
Vendor
NETGEAR, Inc.NETGEAR
Product
RAXE450
Default Status
unaffected
Versions
Affected
  • From V1.0.12.96 before V1.2.14.114 (custom)
Vendor
NETGEAR, Inc.NETGEAR
Product
RAXE500
Default Status
unaffected
Versions
Affected
  • From V1.0.12.96 before V1.2.14.114 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20 Improper input validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20 Improper input validation
Metrics
VersionBase scoreBase severityVector
4.04.3MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber
Version: 4.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-122CAPEC-122 Privilege Abuse
CAPEC ID: CAPEC-122
Description: CAPEC-122 Privilege Abuse
Solutions

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe500/

Configurations
Workarounds
Exploits
Credits
finder
fxc233
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.netgear.com/support/product/raxe500/
product
patch
https://www.netgear.com/support/product/raxe450/
product
patch
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
vendor-advisory
Hyperlink: https://www.netgear.com/support/product/raxe500/
Resource:
product
patch
Hyperlink: https://www.netgear.com/support/product/raxe450/
Resource:
product
patch
Hyperlink: https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:a2826606-91e7-4eb6-899e-8484bd4575d5
Published At:09 Jun, 2026 | 17:16
Updated At:11 Jun, 2026 | 07:16

An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.3MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber
Type: Secondary
Version: 4.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-20Secondarya2826606-91e7-4eb6-899e-8484bd4575d5
CWE ID: CWE-20
Type: Secondary
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisorya2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/raxe450/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
https://www.netgear.com/support/product/raxe500/a2826606-91e7-4eb6-899e-8484bd4575d5
N/A
Hyperlink: https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/raxe450/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A
Hyperlink: https://www.netgear.com/support/product/raxe500/
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

16Records found
CVE-2026-0417
Matching Score-10
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-10
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.71%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-10 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation in certain NETGEAR routers

Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-RAX42R6900PR7000RAX50SMS70RAX41MR70RAX50R7960PRAX45R6400v2RAXE500RAX40v2MR60MS80RAX35v2R7000PR8000PR6700v3R8500RAX43MR80MS60RAXE450XR1000RAX48RAX20
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9211
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-5.2||MEDIUM
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-10 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain NETGEAR routers allow unauthenticated users to gain control of the router

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-RAX5RAX30RAXE300CAX30
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9212
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-5.6||MEDIUM
EPSS-0.14% / 33.61%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-11 Jun, 2026 | 05:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient authentication and input validation in certain NETGEAR products

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-XR450RAX10RAX120v2RAX78XR500R6700AXRAX10v2RBS350RBS10RBS40RAX36SRBR350LBR20LBR1020R9000RBR20RAX120RAX70RBR50R7800RBS50RBS20RBR10RAX120v1RBR40
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2025-12946
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.4||MEDIUM
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:02
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in NETGEAR Nighthawk routers

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rax45v2_firmwarerax35v2_firmwarerax42v2rax50v2rax45rax43v2rax45_firmwarerax54sv2_firmwarerax50rax49sms90rax50_firmwarerax41_firmwareraxe500_firmwarerax35v2rax42rax50v2_firmwarerax49s_firmwarerax41rax45v2rax42v2_firmwaremr90_firmwarers700ms90_firmwarers700_firmwareraxe500rax41v2_firmwarerax43_firmwarerax41v2rax42_firmwarerax43v2_firmwarerax43mr90rax54sv2raxe450_firmwareraxe450RS700RAX35v2RAX50RAX41v2RAX41RAX49SRAX42v2RAX54Sv2RAX50v2RAXE500RAXE450RAX43v2RAX42RAX43MR90RAX45MS90
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9210
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 18.15%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-11 Jun, 2026 | 05:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-RAX42R6900PR7000RAX50SMS70RAX41MR70RAX50EX6120R7960PRAX45R6400v2RAXE500RAX40v2MR60EX3800MS80EX6130RAX35v2R7000PR8000PR6700v3R8500RAX43EX3700MR80MS60RAXE450XR1000RAX48RAX20
CWE ID-CWE-20
Improper Input Validation
CVE-2025-12942
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.8||MEDIUM
EPSS-0.03% / 9.60%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:17
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in NETGEAR R6260 and R6850

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r6850r6260r6850_firmwarer6260_firmwareR6850R6260
CWE ID-CWE-20
Improper Input Validation
CVE-2026-9213
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-6.9||MEDIUM
EPSS-0.23% / 45.63%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-11 Jun, 2026 | 07:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation in certain NETGEAR routers

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-MR70XR1000MS70RAXE500
CWE ID-CWE-20
Improper Input Validation
CVE-2025-12945
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-1.1||LOW
EPSS-0.51% / 66.87%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:01
Updated-16 Jan, 2026 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in NETGEAR Nighthawk router R7000P

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-r7000pr7000p_firmwareR7000P
CWE ID-CWE-20
Improper Input Validation
CVE-2025-12944
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-6.8||MEDIUM
EPSS-0.04% / 14.21%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 16:17
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper input validation in NETGEAR DGN2200v4

Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed in:  DGN2200v4 firmware 1.0.0.132 or later

Action-Not Available
Vendor-NETGEAR, Inc.
Product-dgn2200dgn2200_firmwareDGN2200v4
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0412
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 9.13%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-10 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation vulnerability in NETGEAR JR6150 Web UI

Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-JR6150
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0410
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-1.9||LOW
EPSS-0.05% / 16.71%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:41
Updated-10 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation in certain NETGEAR routers

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-RAX42RAX50v2R7000RAX54Sv2RAX50SRAX41RAX50RAX45RAXE500XR1000v2RAX42v2RAX35v2RAX41v2RAX49SRAX43v2RAX54v2RAX43XR1000RAXE450RAX20
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0415
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.3||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-10 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation vulnerability in certain Orbi routers

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-RBR850RBRE960RBSE950RBS750RBS860RBSE960RBS840RBRE950RBR750RBR860RBR840RBS850RBE970
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0404
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 39.18%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:01
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation in NETGEAR Orbi routers

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rbse950_firmwarerbr840_firmwarerbs860_firmwarerbs840rbre960_firmwarerbse960_firmwarerbr860rbr850_firmwarerbr850rbre960rbse960rbs850rbs750_firmwarerbr750rbs850_firmwarerbs750rbr860_firmwarerbse950rbre950rbr750_firmwarerbs860rbre950_firmwarerbs840_firmwarerbr840RBSE960RBS860RBS850RBR850RBRE960RBS840RBR750RBR840RBR860RBRE950RBSE950RBS750
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0406
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 14.53%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:00
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation in NETGEAR Nighthawk router XR1000v2

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-xr1000v2_firmwarexr1000v2XR1000v2
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0403
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-1.1||LOW
EPSS-0.08% / 24.32%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 16:00
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation in NETGEAR Orbi routers

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-rbs860_firmwarerbe970_firmwarerbre960_firmwarerbse960_firmwarerbr860rbe970rbr850_firmwarerbr850rbre960rbse960rbs850rbs750_firmwarerbr750rbs850_firmwarerbs750rbr860_firmwarerbr750_firmwarerbs860rbe971rbe971_firmwareRBSE960RBS860RBS850RBR850RBRE960RBE971RBE970RBR750RBR860RBS750
CWE ID-CWE-20
Improper Input Validation
CVE-2026-0419
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
ShareView Details
Matching Score-6
Assigner-a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 18.36%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 15:50
Updated-10 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient input validation vulnerability in NETGEAR JR6150

Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are planned. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-JR6150
CWE ID-CWE-20
Improper Input Validation
Details not found