Description
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Published: 2026-06-09
Score: 4.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a case of insufficient input validation (CWE‑20). An authenticated local administrator can supply crafted input that causes the router to apply unauthorized changes to its firmware or configuration. The flaw allows modification of routing tables, firmware versions, or enabled features, giving the attacker unintended control over the device and the opportunity for persistence, lateral movement, or denial of service within the local network.

Affected Systems

All NETGEAR router models listed under the CVE (EX3700, EX3800, EX6120, EX6130, MR60, MR70, MR80, MS60, MS70, MS80, R6400v2, R6700v3, R6900P, R7000, R7000P, R7960P, R8000P, R8500, RAX20, RAX35v2, RAX40v2, RAX41, RAX42, RAX43, RAX45, RAX48, RAX50, RAX50S, RAXE450, RAXE500, XR1000) are affected when running any firmware version earlier than the fix listed for each model. Models marked with an asterisk in the vendor's fixed-version list have reached End‑of‑Support and will not receive future security updates.

Risk and Exploitability

The CVSS score of 4.9 indicates medium severity. Exploitation requires local network access and valid administrative credentials. The CVE is not listed in the CISA KEV catalog, and no EPSS score is available. The attack vector is an authenticated local administrator, so defenders should limit administrative privileges to trusted staff and ensure firmware is regularly updated to eliminate the vulnerable code path.

Generated by OpenCVE AI on June 9, 2026 at 18:07 UTC.

Remediation

Vendor Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible. Issue fixed in:

Product | Fixed Version
EX3700 | V1.0.0.100 (https://www.netgear.com/support/product/ex3700/)
EX3800* | V1.0.0.100 (https://www.netgear.com/support/product/ex3800/)
EX6120 | V1.0.0.72 (https://www.netgear.com/support/product/ex6120/)
EX6130 | V1.0.0.54 (https://www.netgear.com/support/product/ex6130/)
MR60 | V1.1.7.132
MR70 | V1.0.3.28
MR80 | V1.1.7.14
MS60 | V1.1.7.132
MS70 | V1.0.3.28
MS80 | V1.1.7.14
R6400v2* | V1.0.4.128
R6700v3* | V1.0.4.128
R6900P* | V1.3.3.152
R7000* | V1.0.11.216
R7000P* | V1.3.3.152
R7960P* | V1.4.4.92
R8000P* | V1.4.4.92
R8500* | EoS
RAX20* | V1.0.18.144 (https://www.netgear.com/support/product/rax20/)
RAX35v2 | V1.0.12.118
RAX40v2 | V1.0.12.118
RAX41* | V1.0.12.118
RAX42* | V1.0.12.118
RAX43* | V1.0.12.120
RAX45* | V1.0.12.118
RAX48 | V1.0.12.118
RAX50 | V1.0.12.120
RAX50S | V1.0.12.120
RAXE450 | V1.0.10.86
RAXE500 | V1.0.10.86
XR1000 | V1.0.0.68

* Model has reached its End-of-Support phase and no future security updates are planned. NETGEAR strongly recommends that you retire this device and upgrade to a newer NETGEAR product for continued security support.


OpenCVE Recommended Actions

  • Apply the latest firmware revision for each affected router model as released by NETGEAR
  • For devices that have reached End‑of‑Support, retire the device and replace it with a newer NETGEAR model that still receives security updates
  • Restrict administrative access to trusted personnel and enforce least‑privilege policies
  • Monitor and audit administrative activity to detect unauthorized changes

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Netgear; Netgear ex3700; Netgear ex3800; Netgear ex6120; Netgear ex6130; Netgear mr60; Netgear mr70; Netgear mr80; Netgear ms60; Netgear ms70; Netgear ms80; Netgear r6400v2; Netgear r6700v3; Netgear r6900p; Netgear r7000; Netgear r7000p; Netgear r7960p; Netgear r8000p; Netgear r8500; Netgear rax20; Netgear rax35v2; Netgear rax40v2; Netgear rax41; Netgear rax42; Netgear rax43; Netgear rax45; Netgear rax48; Netgear rax50; Netgear rax50s; Netgear raxe450; Netgear raxe500; Netgear xr1000
Vendors & Products | | Netgear; Netgear ex3700; Netgear ex3800; Netgear ex6120; Netgear ex6130; Netgear mr60; Netgear mr70; Netgear mr80; Netgear ms60; Netgear ms70; Netgear ms80; Netgear r6400v2; Netgear r6700v3; Netgear r6900p; Netgear r7000; Netgear r7000p; Netgear r7960p; Netgear r8000p; Netgear r8500; Netgear rax20; Netgear rax35v2; Netgear rax40v2; Netgear rax41; Netgear rax42; Netgear rax43; Netgear rax45; Netgear rax48; Netgear rax50; Netgear rax50s; Netgear raxe450; Netgear raxe500; Netgear xr1000

Tue, 09 Jun 2026 19:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Title | | Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router
Weaknesses | | CWE-20
References | |
Metrics | | cvssV4_0 {'score': 4.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T18:39:39.151Z

Reserved: 2026-05-21T17:29:00.866Z

Link: CVE-2026-9210

Vulnrichment

Updated: 2026-06-09T18:05:09.391Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:51.120

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-9210

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:20:23Z

Weaknesses