Description
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Published: 2026-06-09
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an insufficient input validation flaw that lets an authenticated administrator on the local network modify router software and functionality beyond the intended scope. Because the changes can alter core firmware behavior, an attacker might be able to execute arbitrary code or destabilize the device. The weakness is classified as CWE‑94, indicating a flaw involving improper handling of code or data that can be interpreted by the system.

Affected Systems

NETGEAR RBE97x routers running firmware versions earlier than V9.12.4.9 are affected. Any device running an older build should update to the fixed firmware to remove the vulnerability.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and the EPSS score is not available, suggesting limited known exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to be on the local network and possess administrative credentials; this local authenticated attack vector is inferred from the description.

Generated by OpenCVE AI on June 9, 2026 at 18:28 UTC.

Remediation

Vendor Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible.  Issue fixed in:  ProductFixed VersionRBE97xV9.12.4.9

OpenCVE Recommended Actions

  • Apply the latest firmware (V9.12.4.9) released by NETGEAR to all affected RBE97x units.
  • Restrict local administrator access to trusted personnel and enforce strong passwords for those accounts.
  • Separate the router’s management interface from guest or public networks using network segmentation or firewall rules to limit local admin traffic.

Generated by OpenCVE AI on June 9, 2026 at 18:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Netgear
Netgear rbe97x
Vendors & Products Netgear
Netgear rbe97x

Tue, 09 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Title Arbitrary Code Execution vulnerability exists in RBE970
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Netgear Rbe97x
cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T17:05:19.275Z

Reserved: 2025-12-03T04:16:21.302Z

Link: CVE-2026-0414

cve-icon Vulnrichment

Updated: 2026-06-09T17:05:09.581Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:16:58.990

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-0414

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T20:20:18Z

Weaknesses