Skip to main content

NETGEAR Routers CVE-2026-0417

| EUVDEUVD-2026-35460 MEDIUM
Improper Input Validation (CWE-20)
2026-06-09 NETGEAR GHSA-gp45-6q59-r2fj
4.3
CVSS 4.0 · Vendor: NETGEAR
Share

Severity by source

Vendor (NETGEAR) PRIMARY
4.3 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber

Primary rating from Vendor (NETGEAR) · only source for this CVE.

CVSS VectorVendor: NETGEAR

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 20:11 vuln.today
CVSS changed
Jun 09, 2026 - 17:22 NVD
4.3 (MEDIUM)
CVE Published
Jun 09, 2026 - 15:50 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Insufficient input validation vulnerability in NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.

AnalysisAI

Integrity tampering in NETGEAR router and mesh network firmware allows authenticated administrators on the local network to submit insufficiently validated input, modifying the router's configuration or internal state in unintended ways. Affected devices span at least 27 product lines including MR/MS mesh units and R-series routers, all running firmware below specific patched versions identified by NETGEAR (EUVD-2026-35460). No public exploit has been identified at time of analysis, SSVC assigns no active exploitation and non-automatable status, and NETGEAR has released patched firmware across all affected product lines.

Technical ContextAI

The root cause is CWE-20 (Improper Input Validation) in NETGEAR firmware, meaning the device's administrative interface - likely its HTTP-based management plane - fails to properly sanitize or constrain input submitted by admin-level users. The CVSS 4.0 vector (AV:A) confirms exploitation requires adjacency to the device's network segment, consistent with the router's LAN-side management interface. Affected CPEs span application-layer entries for MR60, MR70, MR80 (Orbi mesh), MS60, MS70, MS80 (Orbi satellite units), R6400v2, R6700v3, R6900P, and R7000 (traditional routers), indicating the flaw likely exists in shared firmware components or a common web management framework deployed across NETGEAR's product portfolio. The integrity impact (VI:H) with no confidentiality or availability impact (VC:N, VA:N) suggests the vulnerability enables unauthorized writes or configuration changes rather than data exfiltration or service disruption.

RemediationAI

The primary remediation is upgrading affected devices to the patched firmware versions identified by NETGEAR and published via EUVD-2026-35460. Each product has a specific minimum patched version; for example, R7000 should be updated to V1.0.11.216 or later, MR60/MS60 to V1.1.7.132 or later, and R6400v2/R6700v3 to V1.0.4.128 or later. Firmware downloads are available through NETGEAR's product support pages (e.g., https://www.netgear.com/support/product/r7000/). Note that RAX35v2 has no confirmed fix version yet (listed as TBD in EUVD data) - owners of that model should monitor NETGEAR advisories. As a compensating control where patching is delayed, restrict administrative access to the router management interface to specific trusted LAN hosts using firewall ACLs or VLAN segmentation, and enforce strong, unique administrator credentials to reduce the insider-threat surface. Disabling remote management (if enabled) does not mitigate this vulnerability since AV:A already limits exploitation to the local network.

Share

CVE-2026-0417 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy