Skip to main content

NETGEAR Routers CVE-2026-9211

| EUVDEUVD-2026-35458 MEDIUM
Improper Input Validation (CWE-20)
2026-06-09 NETGEAR GHSA-grpw-fvf6-9688
5.2
CVSS 4.0 · Vendor: NETGEAR
Share

Severity by source

Vendor (NETGEAR) PRIMARY
5.2 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber

Primary rating from Vendor (NETGEAR) · only source for this CVE.

CVSS VectorVendor: NETGEAR

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 20:03 vuln.today
CVSS changed
Jun 09, 2026 - 17:22 NVD
5.2 (MEDIUM)
CVE Published
Jun 09, 2026 - 15:50 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.

AnalysisAI

Unauthenticated local-network control of NETGEAR CAX30, RAX30, RAX5, and RAXE300 routers is possible through an authentication bypass rooted in improper input validation (CWE-20). An attacker already present on the local network segment - such as a guest Wi-Fi user, a compromised IoT device, or a rogue actor on the same LAN - can circumvent authentication and gain full administrative control, enabling arbitrary configuration changes, traffic interception, or persistent backdoor installation. No public exploit code has been identified at time of analysis, and NETGEAR has released firmware patches for all four affected product lines.

Technical ContextAI

The vulnerability affects four NETGEAR consumer/prosumer routers - CAX30, RAX30, RAX5, and RAXE300 - identified via CPE strings cpe:2.3:a:netgear:cax30, cpe:2.3:a:netgear:rax30, cpe:2.3:a:netgear:rax5, and cpe:2.3:a:netgear:raxe300. The root cause is CWE-20 (Improper Input Validation), tagged as an Authentication Bypass, meaning the router's management interface fails to properly validate or enforce authentication checks on certain inputs or request paths. This class of flaw typically manifests as missing or bypassable token/session checks, malformed request handling that skips auth gates, or logic flaws where crafted input causes the firmware to treat an unauthenticated request as authorized. The CVSS 4.0 vector confirms no privileges are required (PR:N) and no user interaction is needed (UI:N), but the Attack Requirements metric is set to Present (AT:P), indicating some precondition - such as a specific router state, a particular firmware code path being reachable, or a timing/race condition - must be met for exploitation to succeed.

RemediationAI

The primary remediation is to upgrade to the patched firmware versions released by NETGEAR: RAX5 to V1.0.5.34 or later, CAX30 to V2.2.1.4 or later, RAX30 to V1.0.10.94 or later, and RAXE300 to V1.0.10.72 or later. Firmware can be downloaded and applied via each product's support page (links above). If immediate patching is not possible, restrict access to the router's management interface by disabling remote management and ensuring that only trusted devices are on the LAN segment; this does not eliminate the risk since AV:A includes local network access, but raises the barrier. Isolating untrusted devices (IoT, guest users) onto a separate VLAN or SSID that has no layer-2 visibility to the router's management plane is an effective compensating control - note this may require a managed switch and is not natively available on all NETGEAR home router configurations. Do not rely on WPA2/WPA3 passwords alone as a compensating control, since any authenticated Wi-Fi client on the same segment could be the attacker. Recovery is rated Low effort (RE:L) per CVSS, meaning restoring router settings after an attack is straightforward, but does not address persistence mechanisms an attacker may have installed prior to detection.

Share

CVE-2026-9211 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy