Description
Insufficient input validation vulnerability in NETGEAR devices allows
authenticated administrators connected to the local network to tamper with
the router's integrity.
Published: 2026-06-09
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in input validation on certain NETGEAR routers enables authenticated administrators on the local network to modify the router’s configuration, potentially changing routing tables, DNS settings, or other device settings without detection. The vulnerability does not grant higher privileges or remote code execution; it strictly permits tampering with device integrity when legitimate admin credentials are available.

Affected Systems

Affected routers include the NETGEAR MR60, MR70, MR80, MS60, MS70, MS80, R6400v2, R6700v3, R6900P, R7000, R7000P, R7960P, R8000P, R8500, RAX20, RAX35v2, RAX40v2, RAX41, RAX42, RAX43, RAX45, RAX48, RAX50, RAX50S, RAXE450, RAXE500, and XR1000. For each model, NETGEAR specifies firmware versions that fix the issue, such as MR60 V1.1.7.132 and R6400v2 V1.0.4.128; several RAX series units have reached end‑of‑support with no future updates planned.

Risk and Exploitability

The CVSS score of 4.3 places the vulnerability in the Medium severity band. The EPSS score is unavailable, so no exploitation-probability estimate exists yet; the SSVC assessment records exploitation as "none". The attack requires local‑network access and administrative credentials. An attacker who has compromised those credentials could alter configuration settings, potentially disrupting network operations, but the lack of remote execution or privilege escalation constrains the overall risk.

Generated by OpenCVE AI on June 9, 2026 at 18:28 UTC.

Remediation

Vendor Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible.

Issue fixed in:

Product     Fixed Version
MR60        V1.1.7.132
MR70        V1.0.3.28
MR80        V1.1.7.14
MS60        V1.1.7.132
MS70        V1.0.3.28
MS80        V1.1.7.14
R6400v2*    V1.0.4.128
R6700v3*    V1.0.4.128
R6900P*     V1.3.3.152
R7000*      V1.0.11.216
R7000P*     V1.3.3.152
R7960P*     V1.4.4.92
R8000P*     V1.4.4.92
R8500*      EOS
RAX20*      V1.0.18.144 (https://www.netgear.com/support/product/rax20/)
RAX35v2     V1.0.12.118
RAX40v2     V1.0.12.118
RAX41*      V1.0.12.118
RAX42*      V1.0.12.118
RAX43*      V1.0.12.120
RAX45*      V1.0.12.118
RAX48       V1.0.12.118
RAX50       V1.0.12.120
RAX50S      V1.0.12.120
RAXE450     V1.0.10.86
RAXE500     V1.0.10.86
XR1000      V1.0.0.68

* Model has reached its End-of-Support phase and no future security updates are planned. NETGEAR strongly recommends that you retire this device and upgrade to a newer NETGEAR product for continued security support.


OpenCVE Recommended Actions

  • Install the latest firmware release for each affected router model as specified by NETGEAR’s advisory.
  • Restrict administrative access from untrusted local network segments, use a separate VLAN or VPN for management, and enforce strong, regularly changed passwords for admin accounts.
  • Plan for replacement or retirement of end‑of‑support devices, such as the RAX20 and other end‑of‑support RAX units, to ensure ongoing security support.


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared: Netgear; Netgear mr60; Netgear mr70; Netgear mr80; Netgear ms60; Netgear ms70; Netgear ms80; Netgear r6400v2; Netgear r6700v3; Netgear r6900p; Netgear r7000; Netgear r7000p; Netgear r7960p; Netgear r8000p; Netgear r8500; Netgear rax20; Netgear rax35v2; Netgear rax40v2; Netgear rax41; Netgear rax42; Netgear rax43; Netgear rax45; Netgear rax48; Netgear rax50; Netgear rax50s; Netgear raxe450; Netgear raxe500; Netgear xr1000

Vendors & Products: Netgear; Netgear mr60; Netgear mr70; Netgear mr80; Netgear ms60; Netgear ms70; Netgear ms80; Netgear r6400v2; Netgear r6700v3; Netgear r6900p; Netgear r7000; Netgear r7000p; Netgear r7960p; Netgear r8000p; Netgear r8500; Netgear rax20; Netgear rax35v2; Netgear rax40v2; Netgear rax41; Netgear rax42; Netgear rax43; Netgear rax45; Netgear rax48; Netgear rax50; Netgear rax50s; Netgear raxe450; Netgear raxe500; Netgear xr1000

Tue, 09 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description: Insufficient input validation vulnerability in NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.
Title: Insufficient input validation in certain NETGEAR routers
Weaknesses: CWE-20
References:
Metrics: cvssV4_0

{'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T17:10:51.031Z

Reserved: 2025-12-03T04:16:24.254Z

Link: CVE-2026-0417

Vulnrichment

Updated: 2026-06-09T17:10:46.313Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:16:59.450

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-0417

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:20:22Z

Weaknesses