Description
Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no
further security updates are planned. NETGEAR strongly recommends
replacing these devices with newer NETGEAR models to ensure continued
security support and updates.



This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.
Published: 2026-06-09
Score: 4.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Insufficient input validation in the router's firmware permits a user connected to the local WiFi network to inject and execute operating‑system commands. The flaw is a classic input‑validation weakness (CWE-20) that gives attackers the ability to run arbitrary commands on the device, potentially leading to full device compromise. Because the vulnerability was discovered through firmware emulation and not yet confirmed on production hardware, the exact extent of the impact remains uncertain, but the potential for command execution is clear.

Affected Systems

The affected product is the NETGEAR JR6150 AC750 Wi‑Fi router (802.11ac dual‑band, Gigabit, released 2014). No specific firmware versions are listed; the device is already in an End‑of‑Support phase as of 2018, and NETGEAR no longer issues security updates for it. This applies to all routers bearing the JR6150 designation, regardless of firmware revision.

Risk and Exploitability

The CVSS score of 4.4 reflects moderate severity; there is no EPSS value and the vulnerability is not cataloged in CISA’s KEV database. Because the flaw allows command execution from the local wireless network, the likely attack vector is an attacker who gains access to the Wi‑Fi network. No exploit has been publicly verified, but the lack of input validation means a determined local user could craft network traffic that triggers the command injection. Without an official fix, the risk persists until the device is replaced or otherwise isolated.

Generated by OpenCVE AI on June 9, 2026 at 17:26 UTC.

Remediation

Vendor Solution

NETGEAR JR6150 has reached End-of-Support phase, and no further security updates are planned. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates.

OpenCVE Recommended Actions

  • Replace the NETGEAR JR6150 with a sold‑and‑supported router that receives security updates.
  • Disable unused services such as remote administration or restrict management access to trusted IPs.
  • Enforce strong, unique Wi‑Fi passwords and limit network access to authenticated users; consider separating guest traffic on a separate SSID or VLAN.

Generated by OpenCVE AI on June 9, 2026 at 17:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Netgear
Netgear jr6150
Vendors & Products Netgear
Netgear jr6150

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are planned. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.
Title Insufficient input validation vulnerability in NETGEAR JR6150
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 4.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}

Subscriptions

Netgear Jr6150
cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T18:40:09.793Z

Reserved: 2025-12-03T04:16:25.919Z

Link: CVE-2026-0419

cve-icon Vulnrichment

Updated: 2026-06-09T17:34:21.559Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:00.000

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-0419

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T18:00:11Z

Weaknesses