Skip to main content

Jr6150

2 CVEs product

Monthly

CVE-2026-0419 MEDIUM This Month

OS command injection in NETGEAR JR6150 firmware (all versions ≤ 1.0.1.26) allows locally authenticated or WiFi-connected users to execute arbitrary operating system commands via insufficient input validation (CWE-20). The device reached End-of-Support in 2018 and NETGEAR will not release a patch, leaving all deployments permanently unmitigated. No public exploit code exists and active exploitation has not been confirmed (not listed in CISA KEV), but the perpetual absence of patching makes device replacement the only durable remediation.

Information Disclosure Netgear Jr6150
NVD VulDB
CVSS 4.0
4.4
EPSS
0.1%
CVE-2026-0412 MEDIUM This Month

Insufficient input validation in the NETGEAR JR6150 AC750 router (firmware ≤1.0.1.26) enables authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their intended authorization scope. The device reached End-of-Support in 2018 and will receive no security patches. No public exploit code exists and no active exploitation has been identified; however, the device's permanent unpatched status makes risk acceptance or replacement the only long-term posture. The vulnerability was identified through firmware emulation and has not been verified on production hardware.

Authentication Bypass Netgear Jr6150
NVD VulDB
CVSS 4.0
4.3
EPSS
0.0%
EPSS 0% CVSS 4.4
MEDIUM This Month

OS command injection in NETGEAR JR6150 firmware (all versions ≤ 1.0.1.26) allows locally authenticated or WiFi-connected users to execute arbitrary operating system commands via insufficient input validation (CWE-20). The device reached End-of-Support in 2018 and NETGEAR will not release a patch, leaving all deployments permanently unmitigated. No public exploit code exists and active exploitation has not been confirmed (not listed in CISA KEV), but the perpetual absence of patching makes device replacement the only durable remediation.

Information Disclosure Netgear Jr6150
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient input validation in the NETGEAR JR6150 AC750 router (firmware ≤1.0.1.26) enables authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their intended authorization scope. The device reached End-of-Support in 2018 and will receive no security patches. No public exploit code exists and no active exploitation has been identified; however, the device's permanent unpatched status makes risk acceptance or replacement the only long-term posture. The vulnerability was identified through firmware emulation and has not been verified on production hardware.

Authentication Bypass Netgear Jr6150
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy