Skip to main content

R8000P

2 CVEs product

Monthly

CVE-2026-0417 MEDIUM PATCH This Month

Integrity tampering in NETGEAR router and mesh network firmware allows authenticated administrators on the local network to submit insufficiently validated input, modifying the router's configuration or internal state in unintended ways. Affected devices span at least 27 product lines including MR/MS mesh units and R-series routers, all running firmware below specific patched versions identified by NETGEAR (EUVD-2026-35460). No public exploit has been identified at time of analysis, SSVC assigns no active exploitation and non-automatable status, and NETGEAR has released patched firmware across all affected product lines.

Information Disclosure Netgear Mr60 Mr70 Mr80 +24
NVD VulDB
CVSS 4.0
4.3
EPSS
0.1%
CVE-2026-9210 MEDIUM PATCH This Month

Insufficient input validation across 30+ NETGEAR router, range extender, and mesh networking models enables local network-adjacent modification of router software and functionality. The CVSS 4.0 vector assigns PR:N (no privileges required) and AV:A (adjacent network), yet the CVE description scopes the vulnerability to 'authenticated administrators' - the 'Authentication Bypass' tag supplied by NETGEAR suggests the input validation flaw may itself circumvent authentication controls, reconciling this apparent conflict. Integrity impact is rated High (VI:H) against the vulnerable system, meaning successful exploitation allows unauthorized firmware or configuration modification. No public exploit is identified at time of analysis (E:U), and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass Netgear Ex3700 Ex3800 Ex6120 +28
NVD
CVSS 4.0
4.9
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Integrity tampering in NETGEAR router and mesh network firmware allows authenticated administrators on the local network to submit insufficiently validated input, modifying the router's configuration or internal state in unintended ways. Affected devices span at least 27 product lines including MR/MS mesh units and R-series routers, all running firmware below specific patched versions identified by NETGEAR (EUVD-2026-35460). No public exploit has been identified at time of analysis, SSVC assigns no active exploitation and non-automatable status, and NETGEAR has released patched firmware across all affected product lines.

Information Disclosure Netgear Mr60 +26
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Insufficient input validation across 30+ NETGEAR router, range extender, and mesh networking models enables local network-adjacent modification of router software and functionality. The CVSS 4.0 vector assigns PR:N (no privileges required) and AV:A (adjacent network), yet the CVE description scopes the vulnerability to 'authenticated administrators' - the 'Authentication Bypass' tag supplied by NETGEAR suggests the input validation flaw may itself circumvent authentication controls, reconciling this apparent conflict. Integrity impact is rated High (VI:H) against the vulnerable system, meaning successful exploitation allows unauthorized firmware or configuration modification. No public exploit is identified at time of analysis (E:U), and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass Netgear Ex3700 +30
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy