Skip to main content

NETGEAR JR6150 CVE-2026-0412

| EUVDEUVD-2026-35453 MEDIUM
Improper Input Validation (CWE-20)
2026-06-09 NETGEAR GHSA-357w-938w-48r2
4.3
CVSS 4.0 · Vendor: NETGEAR
Share

Severity by source

Vendor (NETGEAR) PRIMARY
4.3 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:Amber

Primary rating from Vendor (NETGEAR) · only source for this CVE.

CVSS VectorVendor: NETGEAR

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:Amber
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 20:14 vuln.today
CVSS changed
Jun 09, 2026 - 17:22 NVD
4.3 (MEDIUM)
CVE Published
Jun 09, 2026 - 15:50 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates.

This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.

AnalysisAI

Insufficient input validation in the NETGEAR JR6150 AC750 router (firmware ≤1.0.1.26) enables authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their intended authorization scope. The device reached End-of-Support in 2018 and will receive no security patches. No public exploit code exists and no active exploitation has been identified; however, the device's permanent unpatched status makes risk acceptance or replacement the only long-term posture. The vulnerability was identified through firmware emulation and has not been verified on production hardware.

Technical ContextAI

The affected product is the NETGEAR JR6150 AC750 dual-band Gigabit 802.11ac router released in 2014, identified by CPE cpe:2.3:a:netgear:jr6150:*:*:*:*:*:*:*:*. All firmware versions up to and including 1.0.1.26 are affected per EUVD data. The root cause is CWE-20 (Improper Input Validation), a class of vulnerabilities where user-supplied or attacker-controlled input is not adequately checked before being processed by the router's management interface or firmware update mechanism. In the context of a home/SOHO router, this class of flaw commonly manifests in the device's web-based administration interface or configuration API, where crafted parameter values can bypass intended constraints on what router software or settings an authenticated session can modify. The 'Authentication Bypass' tag in the intelligence data is notable: while the CVSS PR:H metric indicates high-privilege authentication is required to reach the vulnerable function, the tag suggests the flaw may allow an admin-level session to bypass authorization controls governing specific privileged operations - such as flashing arbitrary firmware or modifying restricted configuration - beyond what the role should permit.

RemediationAI

No vendor-released patch identified at time of analysis. NETGEAR has explicitly confirmed the JR6150 is End-of-Support since 2018 and has stated no further security updates will be provided, making device replacement the only permanent remediation. NETGEAR's official guidance is to replace the JR6150 with a currently supported NETGEAR model; the support page at https://www.netgear.com/support/product/jr6150 should be consulted for replacement guidance. As a compensating control pending replacement, administrators should restrict access to the router's management interface to the minimum necessary set of trusted users, change default admin credentials to strong unique passwords, and disable remote management features if not required - though none of these controls eliminate the underlying vulnerability, they reduce the attack surface. Placing the router behind a network access control system to limit which hosts can reach the management interface is an additional short-term measure, bearing in mind that AV:A already constrains exploitation to the local network. The trade-off of all these workarounds is operational overhead with no security guarantee, making hardware replacement the recommended path.

Share

CVE-2026-0412 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy