Description
Authenticated administrators connected to the local network can modify router functionality beyond what is intended through the standard management interface.
Published: 2026-06-09
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows authenticated administrators connected to the local network to change router configuration settings beyond the intended limits. This flaw, identified as an input validation weakness (CWE-20), can enable an attacker with administrative privileges to alter network behavior, potentially disrupting services or weakening network security. The impact is limited to devices that have not applied the latest firmware update and remains within the reach of local administrators.

Affected Systems

NETGEAR RAXE450 and RAXE500 routers running firmware older than V1.2.14.114 are affected. The fix is provided in firmware release V1.2.14.114 for both models.

Risk and Exploitability

The CVSS score of 4.3 indicates a low to moderate severity. The EPSS score is not available, but the flaw is not listed in the CISA KEV catalog, suggesting no known public exploitation. The likely attack vector is through the standard local management interface, requiring authenticated administrator access and local network connectivity. An attacker with these prerequisites can modify router functionality beyond intended limits. The risk is mitigated by updating firmware and restricting management access.

Generated by OpenCVE AI on June 9, 2026 at 17:25 UTC.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest.

Fixed in:

  • Product: RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router. Fixed Version: V1.2.14.114. https://www.netgear.com/support/product/raxe450/
  • Product: RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router. Fixed Version: V1.2.14.114. https://www.netgear.com/support/product/raxe500/


OpenCVE Recommended Actions

  • Install the latest firmware release V1.2.14.114 for NETGEAR RAXE450 and RAXE500 routers. This firmware patch corrects the input validation issue that permits unauthorized configuration changes.
  • Limit access to the router’s management interface to trusted local network segments only. Disable remote administration unless strictly required and secure it with strong authentication.
  • Change the default administrator credentials to a strong, unique password and regularly review access permissions to ensure only authorized personnel have administrative rights.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 19:30:00 +0000

Values added (Type: value):

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 17:45:00 +0000

Values added (Type: value):

  • First Time appeared: Netgear; Netgear raxe450; Netgear raxe500
  • Vendors & Products: Netgear; Netgear raxe450; Netgear raxe500

Tue, 09 Jun 2026 16:30:00 +0000

Values added (Type: value):

  • Description: Authenticated administrators connected to the local network can modify router functionality beyond what is intended through the standard management interface.
  • Title: RAXE450 and RAXE500 routers allow administrators to modify router functionality beyond intended limits
  • Weaknesses: CWE-20
  • References
  • Metrics: cvssV4_0 {'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-10T15:33:32.312Z

Reserved: 2025-12-03T04:16:23.205Z

Link: CVE-2026-0416

Vulnrichment

Updated: 2026-06-09T17:35:12.623Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:16:59.313

Modified: 2026-06-10T16:16:55.830

Link: CVE-2026-0416

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T17:30:10Z

Weaknesses