Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:D/RE:L/U:Amber
Primary rating from Vendor (NETGEAR) · only source for this CVE.
CVSS VectorVendor: NETGEAR
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:D/RE:L/U:Amber
Lifecycle Timeline
3DescriptionCVE.org
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.
AnalysisAI
System integrity tampering across a broad portfolio of NETGEAR home and small-business networking devices allows authenticated administrators on the local network to manipulate device configuration beyond intended boundaries, classified under CWE-15 (External Control of System or Configuration Setting). The CVSS 4.0 vector (AV:A/PR:H/VI:H) confirms that exploitation is constrained to adjacent network access with high-privilege credentials, yet the integrity impact on the vulnerable system is rated High. No public exploit code exists (SSVC: Exploitation none; CVSS E:U), and NETGEAR has released firmware patches for all affected product lines.
Technical ContextAI
CWE-15 (External Control of System or Configuration Setting) describes a failure to adequately protect configuration interfaces from unauthorized or out-of-scope modification by privileged users. In this case, NETGEAR's firmware across multiple device families - cable routers (CBR750), WiFi range extenders (EX6120, EX6130), Orbi mesh nodes (MR60, MR70, MR80, MS60, MS70, MS80, RBR/RBS series), AX/WiFi-6 routers (RAX series), WiFi-6E routers (RAXE series), and gaming/business routers (XR1000, RS700) - fails to enforce sufficient constraints on what an authenticated administrator can modify. The AV:A (Adjacent) attack vector indicates the flaw is exposed only over the local network segment (LAN or WiFi), not the public internet. Affected CPEs include cpe:2.3:a:netgear:cbr750, cpe:2.3:a:netgear:ex6120, cpe:2.3:a:netgear:ex6130, cpe:2.3:a:netgear:mr60, cpe:2.3:a:netgear:mr70, cpe:2.3:a:netgear:mr80, cpe:2.3:a:netgear:ms60, cpe:2.3:a:netgear:ms70, cpe:2.3:a:netgear:ms80, and cpe:2.3:a:netgear:rax15, among over 35 device models identified via EUVD-2026-35461.
RemediationAI
Vendor-released firmware patches are confirmed available for all affected devices. Administrators should update to the minimum fixed firmware version for each device: CBR750 to v4.6.14.4 or later, MR60/MS60 to V1.1.7.128 or later, MR70/MS70 to V1.0.3.28 or later, MR80/MS80 to V1.1.7.6 or later, RAX-series (RAX35v2 through RAX50S) to V1.0.11.112 or later, RAXE450/RAXE500 to V1.0.10.86 or later, RBR/RBS Orbi mesh systems (750/840/850 series) to V4.6.14.3 or later, RBSE960/RBRE960 to V6.3.7.5 or later, XR1000 to V1.0.0.68 or later, and RS700 to V1.0.7.66 or later. Firmware updates are accessible through the individual NETGEAR support pages referenced in the CVE (e.g., https://www.netgear.com/support/product/mr60/, https://www.netgear.com/support/product/rbr850/). As a compensating control pending patching, restrict management interface access to dedicated trusted VLAN segments and disable remote management features if not operationally required - this limits the AV:A attack surface without affecting normal device operation. Physical or logical network segmentation of the device management plane provides meaningful risk reduction given the adjacent-network-only attack vector.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35461
GHSA-5gqq-ch9p-4h64