Description
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.
Published: 2026-06-09
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An insufficient input validation flaw in specific NETGEAR router models allows an authenticated administrator with local network access to submit crafted input that bypasses management interface restrictions, enabling unauthorized modification of protected router software or functionality. This input validation weakness (CWE-20) can let an attacker with administrative rights alter network settings beyond intended limits, potentially disrupting services or weakening network security. The impact is confined to routers that have not yet updated to the latest firmware and remains within the reach of local administrators.

Affected Systems

NETGEAR RAXE450 routers with firmware versions older than V1.2.14.114 and NETGEAR RAXE500 routers with firmware versions older than V1.2.14.114 are affected. The fix is provided in firmware release V1.2.14.114 for both models.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity. The EPSS score is < 1%, and the flaw is not listed in the CISA KEV catalog, suggesting no known public exploitation. The likely attack vector is the standard local management interface, requiring authenticated administrator access and local network connectivity. An attacker with these prerequisites can modify router functionality beyond intended limits. The risk is mitigated by updating firmware and restricting management access.

Generated by OpenCVE AI on June 11, 2026 at 07:26 UTC.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest.

Fixed in:

  • RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router: fixed version V1.2.14.114 (https://www.netgear.com/support/product/raxe450/)
  • RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router: fixed version V1.2.14.114 (https://www.netgear.com/support/product/raxe500/)


OpenCVE Recommended Actions

  • Install the latest firmware release V1.2.14.114 for NETGEAR RAXE450 and RAXE500 routers. This firmware patch corrects the input validation issue that permits unauthorized configuration changes.
  • Limit access to the router’s management interface to trusted local network segments only. Disable remote administration unless strictly required and secure it with strong authentication.
  • Change the default administrator credentials to a strong, unique password and regularly review access permissions to ensure only authorized personnel have administrative rights.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 06:45:00 +0000

Type: Description
Values Removed: Authenticated administrators connected to the local network can modify router functionality beyond what is intended through the standard management interface.
Values Added: An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.

Type: Title
Values Removed: RAXE450 and RAXE500 routers allow administrators to modify router functionality beyond intended limits
Values Added: Improper input validation in certain NETGEAR routers allows unauthorized modification of protected router functionality

Wed, 10 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Netgear
Netgear raxe450
Netgear raxe500
Vendors & Products Netgear
Netgear raxe450
Netgear raxe500

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Authenticated administrators connected to the local network can modify router functionality beyond what is intended through the standard management interface.
Title RAXE450 and RAXE500 routers allow administrators to modify router functionality beyond intended limits
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-11T06:02:54.919Z

Reserved: 2025-12-03T04:16:23.205Z

Link: CVE-2026-0416

Vulnrichment

Updated: 2026-06-09T17:35:12.623Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:16:59.313

Modified: 2026-06-11T07:16:26.447

Link: CVE-2026-0416

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T07:30:08Z

Weaknesses
  • CWE-20: Improper Input Validation