Description
Authenticated administrators connected to the local network can gain
elevated access to the router and make unauthorized changes to router
software and functionality.
Published: 2026-06-09
Score: 1.9 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in input validation allows an authenticated local network administrator to gain elevated privileges. The vulnerability is an instance of insufficient input validation (CWE‑20). Attackers who possess legitimate administrative credentials can alter router software and functionality, compromising the integrity of the device. No remote exploitation is possible without local admin access.

Affected Systems

NETGEAR routers R7000, RAX20, RAX35v2, RAX41, RAX41v2, RAX42, RAX42v2, RAX43, RAX43v2, RAX45, RAX49S, RAX50, RAX50S, RAX50v2, RAX54Sv2, RAX54v2, RAXE450, RAXE500, XR1000, and XR1000v2 are impacted. Firmware revisions listed by NETGEAR (e.g., R7000 V1.0.11.216, RAX20 V1.0.18.144, RAXE500 V1.2.14.114) include the fix. NETGEAR advises retiring end-of-support models such as the R7000.

Risk and Exploitability

The CVSS score of 1.9 is a low severity rating. No EPSS score is provided, the vulnerability is not in CISA’s KEV catalog, and there is no known public exploitation. Exploitation requires local administrative credentials; an attacker who succeeds can alter device settings or firmware behavior. The privilege escalation potential, combined with the lack of public exploitation, results in a moderate risk for networks relying on these routers, especially if they are unmanaged or use default admin accounts.

Generated by OpenCVE AI on June 9, 2026 at 18:29 UTC.

Remediation

Vendor Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible.

Issue fixed in:

Product     Fixed Version
R7000*      V1.0.11.216
RAX20*      V1.0.18.144    https://www.netgear.com/support/product/rax20/
RAX35v2     V1.0.16.132
RAX41*      V1.0.16.132
RAX41v2     V1.1.4.28
RAX42*      V1.0.16.132
RAX42v2     V1.1.4.28
RAX43*      V1.0.16.132
RAX43v2     V1.1.4.28
RAX45*      V1.0.16.132
RAX49S      V1.1.4.28
RAX50       V1.0.16.132
RAX50S      V1.0.16.132
RAX50v2     V1.1.4.28
RAX54Sv2    V1.1.4.28
RAX54v2     V1.1.4.28
RAXE450     V1.2.14.114    https://www.netgear.com/support/product/raxe450/
RAXE500     V1.2.14.114    https://www.netgear.com/support/product/raxe500/
XR1000      V1.1.0.22      https://www.netgear.com/support/product/xr1000/
XR1000v2    V1.1.0.22      https://www.netgear.com/support/product/xr1000v2/

* Model has reached its End-of-Support phase and no future security updates are planned. NETGEAR strongly recommends that you retire this device and upgrade to a newer NETGEAR product for continued security support.


OpenCVE Recommended Actions

  • Install the latest firmware version that contains the fix.
  • If the device is an end‑of‑support model, retire it and replace it with a newer NETGEAR router that receives ongoing security updates.
  • Restrict local administrative access and monitor for unauthorized configuration changes.


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 19:30:00 +0000

Type: Metrics
Values Removed: (none listed)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 17:45:00 +0000

Type: First Time appeared
Values Removed: (none listed)
Values Added: Netgear, Netgear r7000, Netgear rax20, Netgear rax35v2, Netgear rax41, Netgear rax41v2, Netgear rax42, Netgear rax42v2, Netgear rax43, Netgear rax43v2, Netgear rax45, Netgear rax49s, Netgear rax50, Netgear rax50s, Netgear rax50v2, Netgear rax54sv2, Netgear raxe450, Netgear raxe500, Netgear xr1000, Netgear xr1000v2

Type: Vendors & Products
Values Removed: (none listed)
Values Added: Netgear, Netgear r7000, Netgear rax20, Netgear rax35v2, Netgear rax41, Netgear rax41v2, Netgear rax42, Netgear rax42v2, Netgear rax43, Netgear rax43v2, Netgear rax45, Netgear rax49s, Netgear rax50, Netgear rax50s, Netgear rax50v2, Netgear rax54sv2, Netgear raxe450, Netgear raxe500, Netgear xr1000, Netgear xr1000v2

Tue, 09 Jun 2026 16:30:00 +0000


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T18:40:24.087Z

Reserved: 2025-12-03T04:16:17.013Z

Link: CVE-2026-0410

Vulnrichment

Updated: 2026-06-09T17:27:40.882Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:16:58.227

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-0410

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T18:30:11Z

Weaknesses