Description
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.
Published: 2026-06-09
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient configuration management allows authenticated administrators connected to the local network to tamper with the system. This makes it possible to alter any available configuration settings, which could affect network routing, firewall rules, or other key operational parameters. The weakness lies in inadequate configuration controls (CWE‑15).

Affected Systems

The vulnerability affects a substantial portion of NETGEAR routers, access points, and Wi‑Fi solutions, including the CBR750, EX6120, EX6130, MR60, MR70, MR80, MS60, MS70, MS80, RAX15, RAX20, RAX200, RAX35v2, RAX38v2, RAX40v2, RAX42, RAX43, RAX45, RAX48, RAX50, RAX50S, RAX75, RAX80, RAXE450, RAXE500, RBR750, RBR840, RBR850, RBRE960, RBS750, RBS840, RBS850, RBSE960, RS700, and XR1000.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity. The vulnerability is not listed in CISA KEV and has no public EPSS value yet. The likely attack vector is the local network (AV:A in the CVSS vector), and exploitation requires authenticated administrator access. With that access, an attacker could modify device configuration to disrupt services or weaken security controls, but the impact is limited to the scope of devices still in operation. Patching is the most effective mitigation.

Generated by OpenCVE AI on June 9, 2026 at 17:25 UTC.

Remediation

Vendor Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible. Issue fixed in:

Product     Fixed Version
CBR750      v4.6.14.4
EX6120*     EOS
EX6130*     EOS
MR60        V1.1.7.128
MR70        V1.0.3.28
MR80        V1.1.7.6
MS60        V1.1.7.128
MS70        V1.0.3.28
MS80        V1.1.7.6
RAX15*      EOS
RAX20*      EOS
RAX200*     EOS
RAX35v2     V1.0.11.112
RAX38v2     V1.0.11.112
RAX40v2     V1.0.11.112
RAX42*      V1.0.11.112
RAX43*      V1.0.11.112
RAX45*      V1.0.11.112
RAX48       V1.0.11.112
RAX50       V1.0.11.112
RAX50S      V1.0.11.112
RAX75*      EOS
RAX80*      EOS
RAXE450     V1.0.10.86
RAXE500     V1.0.10.86
RBR750      V4.6.14.3
RBR840*     V4.6.14.3
RBR850      V4.6.14.3
RBRE960     V6.3.7.5
RBS750      V4.6.14.3
RBS840*     V4.6.14.3
RBS850      V4.6.14.3
RBSE960     V6.3.7.5
RS700       V1.0.7.66 https://www.netgear.com/support/product/rs700/
XR1000      v1.0.0.68

* Model has reached its End-of-Support phase and no future security updates are planned. NETGEAR strongly recommends that you retire this device and upgrade to a newer NETGEAR product for continued security support.


OpenCVE Recommended Actions

  • Install the latest firmware on all affected devices as soon as possible.
  • Replace any end‑of‑support models with newer NETGEAR products that receive ongoing security patches.
  • Limit administrative access to a minimal set of trusted users and disable the remote web interface if it is not required.
  • Monitor device logs for any unauthorized configuration changes.


Advisories

No advisories yet.

References
https://www.netgear.com/support/product/cbr750/
https://www.netgear.com/support/product/ex6120/
https://www.netgear.com/support/product/ex6130/
https://www.netgear.com/support/product/mr60/
https://www.netgear.com/support/product/mr70/
https://www.netgear.com/support/product/mr80/
https://www.netgear.com/support/product/ms60/
https://www.netgear.com/support/product/ms70/
https://www.netgear.com/support/product/ms80/
https://www.netgear.com/support/product/rax15/
https://www.netgear.com/support/product/rax20/
https://www.netgear.com/support/product/rax200/
https://www.netgear.com/support/product/rax35v2/
https://www.netgear.com/support/product/rax38v2/
https://www.netgear.com/support/product/rax40v2/
https://www.netgear.com/support/product/rax42/
https://www.netgear.com/support/product/rax43/
https://www.netgear.com/support/product/rax45/
https://www.netgear.com/support/product/rax48/
https://www.netgear.com/support/product/rax50/
https://www.netgear.com/support/product/rax50s/
https://www.netgear.com/support/product/rax75/
https://www.netgear.com/support/product/rax80/
https://www.netgear.com/support/product/raxe450/
https://www.netgear.com/support/product/raxe500/
https://www.netgear.com/support/product/rbr750/
https://www.netgear.com/support/product/rbr840/
https://www.netgear.com/support/product/rbr850/
https://www.netgear.com/support/product/rbre960/
https://www.netgear.com/support/product/rbs750/
https://www.netgear.com/support/product/rbs840/
https://www.netgear.com/support/product/rbs850/
https://www.netgear.com/support/product/rbse960/
https://www.netgear.com/support/product/rs700/
https://www.netgear.com/support/product/xr1000/

History

Tue, 09 Jun 2026 20:45:00 +0000

Type: First Time appeared
Values Added: Netgear, Netgear cbr750, Netgear ex6120, Netgear ex6130, Netgear mr60, Netgear mr70, Netgear mr80, Netgear ms60, Netgear ms70, Netgear ms80, Netgear rax15, Netgear rax20, Netgear rax200, Netgear rax35v2, Netgear rax38v2, Netgear rax40v2, Netgear rax42, Netgear rax43, Netgear rax45, Netgear rax48, Netgear rax50, Netgear rax50s, Netgear rax75, Netgear rax80, Netgear raxe450, Netgear raxe500, Netgear rbr750, Netgear rbr840, Netgear rbr850, Netgear rbre960, Netgear rbs750, Netgear rbs840, Netgear rbs850, Netgear rbse960, Netgear rs700, Netgear xr1000

Type: Vendors & Products
Values Added: Netgear, Netgear cbr750, Netgear ex6120, Netgear ex6130, Netgear mr60, Netgear mr70, Netgear mr80, Netgear ms60, Netgear ms70, Netgear ms80, Netgear rax15, Netgear rax20, Netgear rax200, Netgear rax35v2, Netgear rax38v2, Netgear rax40v2, Netgear rax42, Netgear rax43, Netgear rax45, Netgear rax48, Netgear rax50, Netgear rax50s, Netgear rax75, Netgear rax80, Netgear raxe450, Netgear raxe500, Netgear rbr750, Netgear rbr840, Netgear rbr850, Netgear rbre960, Netgear rbs750, Netgear rbs840, Netgear rbs850, Netgear rbse960, Netgear rs700, Netgear xr1000

Tue, 09 Jun 2026 17:30:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 16:30:00 +0000

Type: Description
Values Added: Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.

Type: Title
Values Added: Certain NETGEAR devices allow administrators to tamper with system

Type: Weaknesses
Values Added: CWE-15

Type: References

Type: Metrics
Values Added: cvssV4_0 {'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/R:U/V:D/RE:L/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T17:09:21.456Z

Reserved: 2025-12-03T04:16:25.029Z

Link: CVE-2026-0418

Vulnrichment

Updated: 2026-06-09T17:08:25.369Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:16:59.687

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-0418

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:20:21Z

Weaknesses