Description
Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates.

This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.

Published: 2026-06-09
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a weakness in input handling within the web interface of the NETGEAR JR6150 router. An administrator who is already authenticated via the local network can submit malformed data that bypasses validation checks, allowing changes to router firmware settings or device behavior. The flaw is classified as CWE-20, which reflects insufficient input validation leading to improper access control. No evidence exists that the issue has been confirmed on physical hardware; it was identified through firmware emulation in a controlled environment.

Affected Systems

Affected devices are NETGEAR JR6150 routers (AC750 WiFi Router 802.11ac Dual Band Gigabit) released in 2014. The product reached End‑of‑Support status in 2018 and no further security updates are scheduled by the vendor.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and the EPSS score is not available, which suggests limited public knowledge of exploitation. The vulnerability is exploitable only by users who have administrator access to the local network and are able to log into the router's web UI. No proof-of-concept or commercial exploitation reports exist, and the flaw has not been verified on production hardware. The potential impact includes unauthorized configuration changes that could degrade network security, and the overall risk to systems outside the local network remains low. Because no official patch is available, remediation is still necessary.

Generated by OpenCVE AI on June 9, 2026 at 17:26 UTC.

Remediation

Vendor Solution

NETGEAR JR6150 has reached End-of-Support phase, and no further security updates are planned. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates.


OpenCVE Recommended Actions

  • Replace the NETGEAR JR6150 with a supported and regularly updated router model
  • Apply the latest firmware updates to the replacement device to ensure all known issues are patched
  • Secure administrative access by enforcing strong passwords, enabling two‑factor authentication where available, and restricting web‑UI access to trusted network segments



Advisories

No advisories yet.

History

Tue, 09 Jun 2026 19:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 17:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Netgear; Netgear jr6150
Vendors & Products | | Netgear; Netgear jr6150

Tue, 09 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.
Title | | Insufficient input validation vulnerability in NETGEAR JR6150 Web UI
Weaknesses | | CWE-20
References | |
Metrics | | cvssV4_0 {'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T18:40:17.799Z

Reserved: 2025-12-03T04:16:19.215Z

Link: CVE-2026-0412

Vulnrichment

Updated: 2026-06-09T17:33:54.264Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:16:58.627

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-0412

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T17:30:10Z

Weaknesses