Skip to main content

NETGEAR Router CVE-2026-0410

| EUVDEUVD-2026-35452 LOW
Improper Input Validation (CWE-20)
2026-06-09 NETGEAR GHSA-r224-q75m-hjpj
1.9
CVSS 4.0 · Vendor: NETGEAR

Severity by source

Vendor (NETGEAR) PRIMARY
1.9 LOW
CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber

Primary rating from Vendor (NETGEAR) · only source for this CVE.

CVSS VectorVendor: NETGEAR

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 20:15 vuln.today
CVSS changed
Jun 09, 2026 - 17:22 NVD
1.9 (LOW)
CVE Published
Jun 09, 2026 - 15:41 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.

AnalysisAI

Integrity controls on multiple NETGEAR router firmware lines can be subverted by authenticated administrators on the local network through improper input validation (CWE-20), enabling privilege escalation beyond the intended administrative authorization boundary and permitting unauthorized modifications to router software and functionality. Twenty distinct NETGEAR SKUs across the R7000, RAX, RAXE, and XR1000 series are confirmed affected per ENISA EUVD-2026-35452, each with specific patched firmware thresholds now released by the vendor. No public exploit exists at time of analysis (CVSS E:U), and multiple CVSS constraints - adjacent-only attack vector, high complexity, and high privilege requirement - substantially limit the realistic threat population.

Technical ContextAI

The root cause is CWE-20 (Improper Input Validation) within the router's firmware administrative logic. Despite being tagged 'Authentication Bypass,' the CVSS 4.0 vector specifies PR:H (high privileges required), indicating this is more precisely a post-authentication privilege escalation - an already-authenticated administrator can craft inputs that circumvent authorization checks and gain access exceeding their intended scope, rather than bypassing the login mechanism entirely. The adjacent attack vector (AV:A) constrains exploitation to the same LAN or WLAN segment as the device. Affected CPEs confirmed by the vendor span ten distinct product lines in NVD: cpe:2.3:a:netgear:r7000, rax20, rax35v2, rax41, rax41v2, rax42, rax42v2, rax43, rax43v2, and rax45, with EUVD extending that list to include RAX49S, RAX50, RAX50S, RAX50v2, RAX54v2, RAX54Sv2, RAXE450, RAXE500, XR1000, and XR1000v2 - all consumer and prosumer Wi-Fi routers running NETGEAR's proprietary firmware stack.

RemediationAI

The primary remediation is a firmware update to the patched versions released by NETGEAR. Per EUVD-2026-35452, the following minimum firmware versions resolve this issue: R7000 → V1.0.11.216, RAX20 → V1.0.18.144, RAX35v2/RAX41/RAX42/RAX43/RAX45/RAX50/RAX50S → V1.0.16.132, RAX41v2/RAX42v2/RAX43v2/RAX49S/RAX50v2/RAX54v2/RAX54Sv2 → V1.1.4.28, RAXE450/RAXE500 → V1.2.14.114, and XR1000/XR1000v2 → V1.1.0.22. Firmware downloads are available from the respective NETGEAR product support pages linked in the references above. As compensating controls pending patching, enforce least-privilege admin access by ensuring only strictly necessary personnel hold router administrator credentials and rotate any shared credentials immediately - this directly reduces the threat population given that PR:H is a hard prerequisite. Additionally, ensure the router admin interface is not bridged to untrusted network segments, since AV:A means all exploitation must originate from the adjacent network; network segmentation that isolates the management plane limits lateral escalation risk. Note that these controls reduce attack surface but do not eliminate the underlying vulnerability.

Share

CVE-2026-0410 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy