Skip to main content

NETGEAR Gaming Routers CVE-2026-9213

| EUVDEUVD-2026-35455 MEDIUM
Improper Input Validation (CWE-20)
2026-06-09 NETGEAR GHSA-jx2q-67wh-xh52
6.9
CVSS 4.0 · Vendor: NETGEAR
Share

Severity by source

Vendor (NETGEAR) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (NETGEAR) · only source for this CVE.

CVSS VectorVendor: NETGEAR

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 09, 2026 - 20:02 vuln.today
CVSS changed
Jun 09, 2026 - 17:22 NVD
6.9 (MEDIUM)
CVE Published
Jun 09, 2026 - 15:50 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device.

AnalysisAI

Remote code execution affects NETGEAR gaming routers (XR1000, MR70, MS70, RAXE500) when an attacker holds an on-path man-in-the-middle position between the device and the internet. The CVSS 4.0 vector (AV:N/AC:H/AT:P/PR:N/UI:N) confirms no privileges are needed on the target device but requires both high attack complexity and a specific network prerequisite - the ability to intercept and tamper with upstream traffic. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Technical ContextAI

The root cause is CWE-20 (Improper Input Validation), meaning the router firmware processes data received from the internet without adequate validation, allowing attacker-controlled content to influence execution flow. The CVSS 4.0 'Attack Requirements: Present' (AT:P) metric formally captures the prerequisite of an on-path network position, distinguishing this from straightforward remote exploitation. Affected products confirmed via CPE strings are: cpe:2.3:a:netgear:xr1000, cpe:2.3:a:netgear:mr70, cpe:2.3:a:netgear:ms70, and cpe:2.3:a:netgear:raxe500 - all consumer/gaming-class routers in NETGEAR's lineup. The CVSS confidentiality (VC:H) and integrity (VI:H) impacts, combined with the 'Information Disclosure' tag, suggest the vulnerability may expose sensitive router data in addition to enabling code execution, though the exact vulnerable service or protocol is not identified in available data.

RemediationAI

The primary fix is to update router firmware immediately to the patched versions confirmed by NETGEAR and ENISA EUVD-2026-35455: XR1000 to V1.0.2.86 or later, MR70 to V1.0.4.48 or later, MS70 to V1.0.4.48 or later, and RAXE500 to V1.2.14.114 or later. Firmware updates can be applied via the router's admin interface or NETGEAR's support pages at the product-specific URLs listed in the references. If immediate patching is not possible, a compensating control is to ensure the router's WAN-facing communications are limited to trusted update endpoints using firewall ACLs on upstream infrastructure, reducing the surface for traffic tampering - note this may interfere with legitimate router cloud features. Enabling HTTPS-only communications and verifying certificate pinning behavior in the router's update mechanism (if configurable) may reduce MitM feasibility, though this is not confirmed as effective against this specific flaw. The side effect of restricting WAN traffic is potential loss of NETGEAR cloud services, dynamic DNS, or remote management functionality.

Share

CVE-2026-9213 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy