Search

Find a vulnerability

Search criteria

    278 vulnerabilities found for r7000_firmware by netgear

    CVE-2026-9210 (GCVE-0-2026-9210)

    Vulnerability from nvd – Published: 2026-06-09 15:50 – Updated: 2026-06-11 05:38
    VLAI
    Title
    Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router
    Summary
    Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    URL Tags
    https://www.netgear.com/support/product/ex3700/ productpatch
    https://www.netgear.com/support/product/ex3800/ productpatch
    https://www.netgear.com/support/product/ex6120/ productpatch
    https://www.netgear.com/support/product/mr60/ productpatch
    https://www.netgear.com/support/product/ex6130/ productpatch
    https://www.netgear.com/support/product/ms70/ productpatch
    https://www.netgear.com/support/product/ms60/ productpatch
    https://www.netgear.com/support/product/mr80/ productpatch
    https://www.netgear.com/support/product/ms80/ productpatch
    https://www.netgear.com/support/product/mr70/ productpatch
    https://www.netgear.com/support/product/r6400v2/ productpatch
    https://www.netgear.com/support/product/r6700v3/ productpatch
    https://www.netgear.com/support/product/r6900p/ productpatch
    https://www.netgear.com/support/product/r7960p/ productpatch
    https://www.netgear.com/support/product/r7000p/ productpatch
    https://www.netgear.com/support/product/r8000p/ productpatch
    https://www.netgear.com/support/product/r8500/ product
    https://www.netgear.com/support/product/rax48/ productpatch
    https://www.netgear.com/support/product/r7000/ productpatch
    https://www.netgear.com/support/product/rax40v2/ productpatch
    https://www.netgear.com/support/product/rax20/ productpatch
    https://www.netgear.com/support/product/rax35v2/ productpatch
    https://www.netgear.com/support/product/rax41/ productpatch
    https://www.netgear.com/support/product/rax42/ productpatch
    https://www.netgear.com/support/product/rax45/ productpatch
    https://www.netgear.com/support/product/rax50/ productpatch
    https://www.netgear.com/support/product/rax43/ productpatch
    https://www.netgear.com/support/product/rax50s/ productpatch
    https://www.netgear.com/support/product/raxe450/ productpatch
    https://www.netgear.com/support/product/raxe500/ productpatch
    https://www.netgear.com/support/product/xr1000/ productpatch
    https://kb.netgear.com/000070811/June-2026-NETGEA… vendor-advisory
    Impacted products
    Vendor Product Version
    NETGEAR EX3700 Affected: 0 , < V1.0.0.100 (custom)
    Create a notification for this product.
    NETGEAR EX3800 Affected: 0 , < V1.0.0.100 (custom)
    Create a notification for this product.
    NETGEAR EX6120 Affected: 0 , < V1.0.0.72 (custom)
    Create a notification for this product.
    NETGEAR EX6130 Affected: 0 , < V1.0.0.54 (custom)
    Create a notification for this product.
    NETGEAR MR60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MR70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MR80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR MS60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MS70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MS80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR R6400v2 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6700v3 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6900P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7000 Affected: 0 , < V1.0.11.216 (custom)
    Create a notification for this product.
    NETGEAR R7000P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7960P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8000P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8500 Affected: 0 , ≤ 1.0.2.160 (custom)
    Create a notification for this product.
    NETGEAR RAX20 Affected: 0 , < V1.0.18.144 (custom)
    Create a notification for this product.
    NETGEAR RAX35v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX40v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX41 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX42 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX43 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX45 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX48 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX50 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX50S Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAXE450 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR RAXE500 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR XR1000 Affected: 0 , < V1.0.0.68 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    pjqwudi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:03:30.063423Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:39:39.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EX3700",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX3800",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX6120",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.72",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX6130",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.54",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6400v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6900P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.11.216",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7960P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.2.160",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX20",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.18.144",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX35v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX40v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX45",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX48",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE450",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.68",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex3700:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.100",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex3800:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.100",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex6120:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.72",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex6130:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.54",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr60:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.132",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr70:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.3.28",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr80:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.14",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms60:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.132",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms70:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.3.28",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms80:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.14",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6400v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.4.128",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6700v3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.4.128",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6900p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.3.3.152",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7000:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.11.216",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7000p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.3.3.152",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7960p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.4.4.92",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r8000p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.4.4.92",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r8500:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax20:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.18.144",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax35v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax40v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax41:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax42:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax43:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax45:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax48:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax50:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax50s:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:raxe450:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.10.86",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:raxe500:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.10.86",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:xr1000:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.68",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "pjqwudi"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eInsufficient input validation vulnerability in the\u0026nbsp;listed NETGEAR models allows\u0026nbsp;authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "Insufficient input validation vulnerability in the\u00a0listed NETGEAR models allows\u00a0authenticated administrators connected to the local network to make unauthorized modification of router software and functionality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T05:38:03.646Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex3700/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex3800/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex6120/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex6130/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6400v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6700v3/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6900p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7960p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r8000p/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.netgear.com/support/product/r8500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax48/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax40v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax20/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax35v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax45/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe450/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX3700\u003c/b\u003e AC750 WiFi Range Extender Essentials Edition\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex3700/\"\u003eV1.0.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX3800 (EoS)\u003c/b\u003e AC750 WiFi Range Extender Essentials Edition\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex3800/\"\u003eV1.0.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX6120\u003c/b\u003e AC1200 Dual Band WiFi Range Extender\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex6120/\"\u003eV1.0.0.72\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX6130\u003c/b\u003e AC1200 WiFi Range Extender\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex6130/\"\u003eV1.0.0.54\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR60\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR70\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS60\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS70\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6400v2 (EoS)\u003c/b\u003e AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6400v2/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6700v3 (EoS)\u003c/b\u003e Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6700v3/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6900P (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6900p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000 (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000/\"\u003eV1.0.11.216\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000P (EoS)\u003c/b\u003e Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7960P (EoS)\u003c/b\u003e Nighthawk X6S AC3600 Tri-Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7960p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8000P (EoS)\u003c/b\u003e Nighthawk X6S AC4000 Tri Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r8000p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8500 (EoS)\u003c/b\u003e Nighthawk X8 AC5300 Smart WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX20 (EoS)\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax20/\"\u003eV1.0.18.144\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35v2\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax35v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX40v2\u003c/b\u003e Nighthawk AX4 4-Stream WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax40v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX45 (EoS)\u003c/b\u003e Nighthawk AX6 6-Stream AX4300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax45/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX48\u003c/b\u003e Nighthawk AX6 6-Stream AX5200 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax48/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50S\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50s/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE450\u003c/b\u003e Nighthawk AXE10000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe450/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE500\u003c/b\u003e Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe500/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000/\"\u003eV1.0.0.68\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionEX3700 AC750 WiFi Range Extender Essentials Edition V1.0.0.100 https://www.netgear.com/support/product/ex3700/ EX3800 (EoS) AC750 WiFi Range Extender Essentials Edition V1.0.0.100 https://www.netgear.com/support/product/ex3800/ EX6120 AC1200 Dual Band WiFi Range Extender V1.0.0.72 https://www.netgear.com/support/product/ex6120/ EX6130 AC1200 WiFi Range Extender V1.0.0.54 https://www.netgear.com/support/product/ex6130/ MR60 Nighthawk Mesh WiFi 6 Router V1.1.7.132 https://www.netgear.com/support/product/mr60/ MR70 Nighthawk Mesh WiFi 6 Router V1.0.3.28 https://www.netgear.com/support/product/mr70/ MR80 Nighthawk Tri-band Mesh WiFi 6 Router V1.1.7.14 https://www.netgear.com/support/product/mr80/ MS60 Nighthawk Mesh WiFi 6 Add-on Satellite V1.1.7.132 https://www.netgear.com/support/product/ms60/ MS70 Nighthawk Mesh WiFi 6 Add-on Satellite V1.0.3.28 https://www.netgear.com/support/product/ms70/ MS80 Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite V1.1.7.14 https://www.netgear.com/support/product/ms80/ R6400v2 (EoS) AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit V1.0.4.128 https://www.netgear.com/support/product/r6400v2/ R6700v3 (EoS) Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router V1.0.4.128 https://www.netgear.com/support/product/r6700v3/ R6900P (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r6900p/ R7000 (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.216 https://www.netgear.com/support/product/r7000/ R7000P (EoS) Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r7000p/ R7960P (EoS) Nighthawk X6S AC3600 Tri-Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r7960p/ R8000P (EoS) Nighthawk X6S AC4000 Tri Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r8000p/ R8500 (EoS) Nighthawk X8 AC5300 Smart WiFi RouterEOSRAX20 (EoS) 4-Stream AX1800 WiFi 6 Router V1.0.18.144 https://www.netgear.com/support/product/rax20/ RAX35v2 Nighthawk AX4 4-Stream AX3000 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax35v2/ RAX40v2 Nighthawk AX4 4-Stream WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax40v2/ RAX41 (EoS) Nighthawk AX5 5-Stream AX3600 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax41/ RAX42 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax42/ RAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.120 https://www.netgear.com/support/product/rax43/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax45/ RAX48 Nighthawk AX6 6-Stream AX5200 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax48/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50/ RAX50S Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50s/ RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe500/ XR1000 Nighthawk WiFi 6 Pro Gaming Router V1.0.0.68 https://www.netgear.com/support/product/xr1000/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-9210",
        "datePublished": "2026-06-09T15:50:48.947Z",
        "dateReserved": "2026-05-21T17:29:00.866Z",
        "dateUpdated": "2026-06-11T05:38:03.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0417 (GCVE-0-2026-0417)

    Vulnerability from nvd – Published: 2026-06-09 15:50 – Updated: 2026-06-10 15:49
    VLAI
    Title
    Insufficient input validation in certain NETGEAR routers
    Summary
    Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    URL Tags
    https://www.netgear.com/support/product/mr70/ productpatch
    https://www.netgear.com/support/product/mr80/ productpatch
    https://www.netgear.com/support/product/mr60/ productpatch
    https://www.netgear.com/support/product/ms60/ productpatch
    https://www.netgear.com/support/product/ms80/ productpatch
    https://www.netgear.com/support/product/r6400v2/ productpatch
    https://www.netgear.com/support/product/ms70/ productpatch
    https://www.netgear.com/support/product/r6700v3/ productpatch
    https://www.netgear.com/support/product/r7000/ productpatch
    https://www.netgear.com/support/product/r6900p/ productpatch
    https://www.netgear.com/support/product/r8000p/ productpatch
    https://www.netgear.com/support/product/r8500/ productpatch
    https://www.netgear.com/support/product/rax40v2/ productpatch
    https://www.netgear.com/support/product/rax42/ productpatch
    https://www.netgear.com/support/product/rax35v2/ productpatch
    https://www.netgear.com/support/product/rax41/ productpatch
    https://www.netgear.com/support/product/rax20/ productpatch
    https://www.netgear.com/support/product/rax43/ productpatch
    https://www.netgear.com/support/product/r7960p/ productpatch
    https://www.netgear.com/support/product/r7000p/ productpatch
    https://www.netgear.com/support/product/rax45/ productpatch
    https://www.netgear.com/support/product/rax48/ productpatch
    https://www.netgear.com/support/product/raxe450/ productpatch
    https://www.netgear.com/support/product/rax50s/ productpatch
    https://www.netgear.com/support/product/xr1000/ productpatch
    https://www.netgear.com/support/product/rax50/ productpatch
    https://www.netgear.com/support/product/raxe500/ productpatch
    https://kb.netgear.com/000070811/June-2026-NETGEA… vendor-advisory
    Impacted products
    Vendor Product Version
    NETGEAR MR60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MR70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MR80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR MS60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MS70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MS80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR R6400v2 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6700v3 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6900P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7000 Affected: 0 , < V1.0.11.216 (custom)
    Create a notification for this product.
    NETGEAR R7000P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7960P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8000P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8500 Affected: 0 , ≤ 1.0.2.160 (custom)
    Create a notification for this product.
    NETGEAR RAX20 Affected: 0 , < V1.0.18.144 (custom)
    Create a notification for this product.
    NETGEAR RAX35v2 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX40v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX41 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX42 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX43 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX45 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX48 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX50 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX50S Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAXE450 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR RAXE500 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR XR1000 Affected: 0 , < V1.0.0.68 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    pjqwudi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0417",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T17:10:42.291794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T17:10:51.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MR60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6400v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6900P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.11.216",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7960P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.2.160",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX20",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.18.144",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX35v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX40v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX45",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX48",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE450",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.68",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "pjqwudi"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eInsufficient input validation vulnerability in the listed NETGEAR\u0026nbsp;devices\u0026nbsp;allows\nauthenticated administrators connected to the local network to\u0026nbsp;tamper with\nthe router\u0027s integrity. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Insufficient input validation vulnerability in the listed NETGEAR\u00a0devices\u00a0allows\nauthenticated administrators connected to the local network to\u00a0tamper with\nthe router\u0027s integrity."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T15:49:33.259Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6400v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6700v3/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6900p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r8000p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r8500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax40v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax35v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax20/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7960p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax45/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax48/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe450/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe500/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR60\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR70\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS60\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS70\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6400v2 (EoS)\u003c/b\u003e AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6400v2/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6700v3 (EoS)\u003c/b\u003e Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6700v3/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6900P (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6900p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000 (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000/\"\u003eV1.0.11.216\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000P (EoS)\u003c/b\u003e Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7960P (EoS)\u003c/b\u003e Nighthawk X6S AC3600 Tri-Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7960p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8000P (EoS)\u003c/b\u003e Nighthawk X6S AC4000 Tri Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r8000p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8500 (EoS)\u003c/b\u003e Nighthawk X8 AC5300 Smart WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX20 (EoS)\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax20/\"\u003eV1.0.18.144\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35v2\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi 6 Router\u003c/td\u003e\u003ctd\u003eV1.0.16.132\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX40v2\u003c/b\u003e Nighthawk AX4 4-Stream WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax40v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX45 (EoS)\u003c/b\u003e Nighthawk AX6 6-Stream AX4300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax45/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX48\u003c/b\u003e Nighthawk AX6 6-Stream AX5200 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax48/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50S\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50s/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE450\u003c/b\u003e Nighthawk AXE10000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe450/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE500\u003c/b\u003e Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe500/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000/\"\u003eV1.0.0.68\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionMR60 Nighthawk Mesh WiFi 6 Router V1.1.7.132 https://www.netgear.com/support/product/mr60/ MR70 Nighthawk Mesh WiFi 6 Router V1.0.3.28 https://www.netgear.com/support/product/mr70/ MR80 Nighthawk Tri-band Mesh WiFi 6 Router V1.1.7.14 https://www.netgear.com/support/product/mr80/ MS60 Nighthawk Mesh WiFi 6 Add-on Satellite V1.1.7.132 https://www.netgear.com/support/product/ms60/ MS70 Nighthawk Mesh WiFi 6 Add-on Satellite V1.0.3.28 https://www.netgear.com/support/product/ms70/ MS80 Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite V1.1.7.14 https://www.netgear.com/support/product/ms80/ R6400v2 (EoS) AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit V1.0.4.128 https://www.netgear.com/support/product/r6400v2/ R6700v3 (EoS) Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router V1.0.4.128 https://www.netgear.com/support/product/r6700v3/ R6900P (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r6900p/ R7000 (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.216 https://www.netgear.com/support/product/r7000/ R7000P (EoS) Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r7000p/ R7960P (EoS) Nighthawk X6S AC3600 Tri-Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r7960p/ R8000P (EoS) Nighthawk X6S AC4000 Tri Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r8000p/ R8500 (EoS) Nighthawk X8 AC5300 Smart WiFi RouterEOSRAX20 (EoS) 4-Stream AX1800 WiFi 6 Router V1.0.18.144 https://www.netgear.com/support/product/rax20/ RAX35v2 Nighthawk AX4 4-Stream AX3000 WiFi 6 RouterV1.0.16.132RAX40v2 Nighthawk AX4 4-Stream WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax40v2/ RAX41 (EoS) Nighthawk AX5 5-Stream AX3600 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax41/ RAX42 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax42/ RAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.120 https://www.netgear.com/support/product/rax43/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax45/ RAX48 Nighthawk AX6 6-Stream AX5200 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax48/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50/ RAX50S Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50s/ RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe500/ XR1000 Nighthawk WiFi 6 Pro Gaming Router V1.0.0.68 https://www.netgear.com/support/product/xr1000/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient input validation in certain NETGEAR routers",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-0417",
        "datePublished": "2026-06-09T15:50:49.507Z",
        "dateReserved": "2025-12-03T04:16:24.254Z",
        "dateUpdated": "2026-06-10T15:49:33.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0410 (GCVE-0-2026-0410)

    Vulnerability from nvd – Published: 2026-06-09 15:41 – Updated: 2026-06-10 15:24
    VLAI
    Title
    Insufficient input validation in certain NETGEAR routers
    Summary
    Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Insufficient input validation
    Assigner
    Impacted products
    Vendor Product Version
    NETGEAR R7000 Affected: 0 , < V1.0.11.216 (custom)
    Create a notification for this product.
    NETGEAR RAX20 Affected: 0 , < V1.0.18.144 (custom)
    Create a notification for this product.
    NETGEAR RAX35v2 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX41 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX41v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX42 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX42v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX43 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX43v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX45 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX49S Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX50 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX50S Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX50v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX54Sv2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX54v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAXE450 Affected: 0 , < V1.2.14.114 (custom)
    Create a notification for this product.
    NETGEAR RAXE500 Affected: 0 , < V1.2.14.114 (custom)
    Create a notification for this product.
    NETGEAR XR1000 Affected: 0 , < V1.1.0.22 (custom)
    Create a notification for this product.
    NETGEAR XR1000v2 Affected: 0 , < V1.1.0.22 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    SmallS
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0410",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T17:27:32.030390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:40:24.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "R7000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.11.216",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX20",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.18.144",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX35v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX45",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX49S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX54Sv2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX54v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE450",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.2.14.114",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.2.14.114",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.0.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.0.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "SmallS"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eAuthenticated administrators connected to the local network can gain \nelevated access to the router and make unauthorized changes to router \nsoftware and functionality.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Authenticated administrators connected to the local network can gain \nelevated access to the router and make unauthorized changes to router \nsoftware and functionality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Insufficient input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T15:24:02.912Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax20/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax35v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax45/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe450/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax54sv2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax49s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe500/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000 (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000/\"\u003eV1.0.11.216\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX20 (EoS)\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax20/\"\u003eV1.0.18.144\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35v2\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax35v2/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41v2\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41v2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42v2\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42v2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43v2\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43v2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX45 (EoS)\u003c/b\u003e Nighthawk AX6 6-Stream AX4300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax45/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX49S\u003c/b\u003e Nighthawk AX6 6-Stream AX5300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax49s/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50S\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50s/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50v2\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50v2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX54Sv2\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax54sv2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX54v2\u003c/b\u003e\u003c/td\u003e\u003ctd\u003eV1.1.4.28\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE450\u003c/b\u003e Nighthawk AXE10000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe450/\"\u003eV1.2.14.114\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE500\u003c/b\u003e Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe500/\"\u003eV1.2.14.114\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000/\"\u003eV1.1.0.22\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000v2\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000v2/\"\u003eV1.1.0.22\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionR7000 (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.216 https://www.netgear.com/support/product/r7000/ RAX20 (EoS) 4-Stream AX1800 WiFi 6 Router V1.0.18.144 https://www.netgear.com/support/product/rax20/ RAX35v2 Nighthawk AX4 4-Stream AX3000 WiFi 6 Router V1.0.16.132 https://www.netgear.com/support/product/rax35v2/ RAX41 (EoS) Nighthawk AX5 5-Stream AX3600 WiFi Router V1.0.16.132 https://www.netgear.com/support/product/rax41/ RAX41v2 Nighthawk AX5 5-Stream AX3600 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax41v2/ RAX42 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.16.132 https://www.netgear.com/support/product/rax42/ RAX42v2 Nighthawk AX5 5-Stream AX4200 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax42v2/ RAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.16.132 https://www.netgear.com/support/product/rax43/ RAX43v2 Nighthawk AX5 5-Stream AX4200 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax43v2/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.16.132 https://www.netgear.com/support/product/rax45/ RAX49S Nighthawk AX6 6-Stream AX5300 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax49s/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.16.132 https://www.netgear.com/support/product/rax50/ RAX50S Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.16.132 https://www.netgear.com/support/product/rax50s/ RAX50v2 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.1.4.28 https://www.netgear.com/support/product/rax50v2/ RAX54Sv2 Nighthawk AX6 6-Stream AX5400 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax54sv2/ RAX54v2V1.1.4.28RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe500/ XR1000 Nighthawk WiFi 6 Pro Gaming Router V1.1.0.22 https://www.netgear.com/support/product/xr1000/ XR1000v2 Nighthawk WiFi 6 Pro Gaming Router V1.1.0.22 https://www.netgear.com/support/product/xr1000v2/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient input validation in certain NETGEAR routers",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-0410",
        "datePublished": "2026-06-09T15:41:47.808Z",
        "dateReserved": "2025-12-03T04:16:17.013Z",
        "dateUpdated": "2026-06-10T15:24:02.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-40620 (GCVE-0-2022-40620)

    Vulnerability from nvd – Published: 2026-01-28 00:00 – Updated: 2026-01-29 18:51
    VLAI
    Summary
    FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-295 - Improper Certificate Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40620",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T18:50:57.412712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T18:51:01.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T18:45:15.769Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117"
            },
            {
              "url": "https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-40620",
        "datePublished": "2026-01-28T00:00:00.000Z",
        "dateReserved": "2022-09-12T00:00:00.000Z",
        "dateUpdated": "2026-01-29T18:51:01.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-40619 (GCVE-0-2022-40619)

    Vulnerability from nvd – Published: 2026-01-28 00:00 – Updated: 2026-01-29 18:52
    VLAI Shadowserver
    Summary
    FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40619",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T18:51:27.553100Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T18:52:26.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T18:44:47.297Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117"
            },
            {
              "url": "https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-40619",
        "datePublished": "2026-01-28T00:00:00.000Z",
        "dateReserved": "2022-09-12T00:00:00.000Z",
        "dateUpdated": "2026-01-29T18:52:26.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-44650 (GCVE-0-2025-44650)

    Vulnerability from nvd – Published: 2025-07-21 00:00 – Updated: 2025-08-07 13:29
    VLAI
    Summary
    In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-44650",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-22T15:47:00.463097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-22T15:47:28.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-07T13:29:43.759Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.netgear.com/about/security/"
            },
            {
              "url": "https://gist.github.com/TPCchecker/d13d15dfa8965ba88a9437718f77f67d"
            },
            {
              "url": "https://www.notion.so/CVE-2025-44650-24754a1113e780dca89dca218b90b1d9"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-44650",
        "datePublished": "2025-07-21T00:00:00.000Z",
        "dateReserved": "2025-04-22T00:00:00.000Z",
        "dateUpdated": "2025-08-07T13:29:43.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35520 (GCVE-0-2024-35520)

    Vulnerability from nvd – Published: 2024-10-14 00:00 – Updated: 2024-10-15 14:23
    VLAI
    Summary
    Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    netgear r7000_firmware Affected: 1.0.11.136
        cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "r7000_firmware",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.11.136"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35520",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T14:09:34.784101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T14:23:36.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-14T21:07:39.206Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-35520",
        "datePublished": "2024-10-14T00:00:00.000Z",
        "dateReserved": "2024-05-17T00:00:00.000Z",
        "dateUpdated": "2024-10-15T14:23:36.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34983 (GCVE-0-2021-34983)

    Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
    VLAI
    Title
    NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability
    Summary
    NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
    Create a notification for this product.
    Date Public
    2021-10-29 13:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T15:08:46.169063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T18:38:20.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:26:55.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-21-1275",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Multiple Routers",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.11.116_10.2.100"
                }
              ]
            }
          ],
          "dateAssigned": "2021-06-30T13:56:51.720Z",
          "datePublic": "2021-10-29T13:54:16.924Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:51.052Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-21-1275",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sungur Labs"
          },
          "title": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2021-34983",
        "datePublished": "2024-05-07T22:54:51.052Z",
        "dateReserved": "2021-06-17T19:27:05.662Z",
        "dateUpdated": "2024-08-04T00:26:55.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34982 (GCVE-0-2021-34982)

    Vulnerability from nvd – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
    VLAI
    Title
    NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
    Create a notification for this product.
    netgear multiple_router_firmware Affected: 1.0.11.116_10.0.100
        cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-10-29 13:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "multiple_router_firmware",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.11.116_10.0.100"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T14:52:41.415481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:45.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:26:55.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-21-1274",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Multiple Routers",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.11.116_10.2.100"
                }
              ]
            }
          ],
          "dateAssigned": "2021-06-30T13:56:51.718Z",
          "datePublic": "2021-10-29T13:54:08.659Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\n\n\n\n. Was ZDI-CAN-13709."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:50.139Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-21-1274",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sungur Labs"
          },
          "title": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2021-34982",
        "datePublished": "2024-05-07T22:54:50.139Z",
        "dateReserved": "2021-06-17T19:27:05.662Z",
        "dateUpdated": "2024-08-04T00:26:55.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1431 (GCVE-0-2024-1431)

    Vulnerability from nvd – Published: 2024-02-11 02:31 – Updated: 2024-08-01 18:40
    VLAI
    Title
    Netgear R7000 Web Management Interface debuginfo.htm information disclosure
    Summary
    A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Netgear R7000 Affected: 1.0.11.136_10.2.120
    Create a notification for this product.
    Credits
    leetsun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1431",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-12T13:37:18.114368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:20:50.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.253382"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.253382"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Web Management Interface"
              ],
              "product": "R7000",
              "vendor": "Netgear",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.11.136_10.2.120"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetsun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Netgear R7000 1.0.11.136_10.2.120 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /debuginfo.htm der Komponente Web Management Interface. Durch Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-11T02:31:04.685Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.253382"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.253382"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-02-10T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-02-10T10:48:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Netgear R7000 Web Management Interface debuginfo.htm information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-1431",
        "datePublished": "2024-02-11T02:31:04.685Z",
        "dateReserved": "2024-02-10T09:42:59.598Z",
        "dateUpdated": "2024-08-01T18:40:21.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1430 (GCVE-0-2024-1430)

    Vulnerability from nvd – Published: 2024-02-11 00:31 – Updated: 2024-08-25 05:52
    VLAI
    Title
    Netgear R7000 Web Management Interface currentsetting.htm information disclosure
    Summary
    A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Netgear R7000 Affected: 1.0.11.136_10.2.120
    Create a notification for this product.
    netgear r7000_firmware Affected: 1.0.11.136_10.2.120
        cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetsun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "r7000_firmware",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.11.136_10.2.120"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1430",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-21T20:44:12.428892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-15T20:33:07.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.040Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.253381"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.253381"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Web Management Interface"
              ],
              "product": "R7000",
              "vendor": "Netgear",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.11.136_10.2.120"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetsun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Netgear R7000 1.0.11.136_10.2.120 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /currentsetting.htm der Komponente Web Management Interface. Durch das Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-25T05:52:59.935Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-253381 | Netgear R7000 Web Management Interface currentsetting.htm information disclosure",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.253381"
            },
            {
              "name": "VDB-253381 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.253381"
            },
            {
              "name": "Submit #276025 | Netgear R7000 \u2014  Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.136_10.2.120 Incorrect Access Control",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.276025"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.netgear.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-02-10T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2024-02-10T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-03T11:32:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Netgear R7000 Web Management Interface currentsetting.htm information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-1430",
        "datePublished": "2024-02-11T00:31:04.302Z",
        "dateReserved": "2024-02-10T09:42:57.248Z",
        "dateUpdated": "2024-08-25T05:52:59.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36187 (GCVE-0-2023-36187)

    Vulnerability from nvd – Published: 2023-09-01 00:00 – Updated: 2024-10-01 16:26
    VLAI
    Summary
    Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    netgear r6400v2 Affected: 0 , < 1.0.4.118 (custom)
        cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:41.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "r6400v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "lessThan": "1.0.4.118",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36187",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T16:25:37.076547Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T16:26:34.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-01T15:04:10.728Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36187",
        "datePublished": "2023-09-01T00:00:00.000Z",
        "dateReserved": "2023-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-01T16:26:34.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27647 (GCVE-0-2022-27647)

    Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:41
    VLAI
    Summary
    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
    Create a notification for this product.
    Credits
    Bugscale team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27647",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:40:25.890386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:41:07.125Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.120_10.0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bugscale team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-29T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-524/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-27647",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2022-03-22T00:00:00.000Z",
        "dateUpdated": "2025-02-18T17:41:07.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27646 (GCVE-0-2022-27646)

    Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:47
    VLAI
    Summary
    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
    Create a notification for this product.
    Credits
    Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.786Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-523/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27646",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:44:39.122282Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:47:05.390Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.120_10.0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-29T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
            },
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-523/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-27646",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2022-03-22T00:00:00.000Z",
        "dateUpdated": "2025-02-18T17:47:05.390Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27645 (GCVE-0-2022-27645)

    Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:47
    VLAI
    Summary
    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
    Create a notification for this product.
    Credits
    Xin'an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27645",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:47:46.916392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:47:52.653Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.120_10.0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Xin\u0027an Zhou, Xiaochen Zou, Zhiyun Qian (from the team NullRiver)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-28T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-522/"
            },
            {
              "url": "https://kb.netgear.com/000064722/Security-Advisory-for-Sensitive-Information-Disclosure-on-Some-Routers-and-Fixed-Wireless-Products-PSV-2021-0325"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-27645",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2022-03-22T00:00:00.000Z",
        "dateUpdated": "2025-02-18T17:47:52.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27644 (GCVE-0-2022-27644)

    Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:48
    VLAI
    Summary
    This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-295 - Improper Certificate Validation
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
    Create a notification for this product.
    Credits
    Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.965Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27644",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:48:29.884992Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:48:57.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.120_10.0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kevin Denis (@0xmitsurugi) and Antide Petit (@xarkes_) from @Synacktiv"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295: Improper Certificate Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-29T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520/"
            },
            {
              "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-27644",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2022-03-22T00:00:00.000Z",
        "dateUpdated": "2025-02-18T17:48:57.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27643 (GCVE-0-2022-27643)

    Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:49
    VLAI
    Summary
    This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
    Create a notification for this product.
    Credits
    Stephen Fewer of Relyze Software Limited (www.relyze.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.967Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-519/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27643",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:49:08.208403Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:49:16.374Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.120_10.0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Stephen Fewer of Relyze Software Limited (www.relyze.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-29T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-519/"
            },
            {
              "url": "https://kb.netgear.com/000064720/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multiple-Products-PSV-2021-0323"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-27643",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2022-03-22T00:00:00.000Z",
        "dateUpdated": "2025-02-18T17:49:16.374Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-27642 (GCVE-0-2022-27642)

    Vulnerability from nvd – Published: 2023-03-29 00:00 – Updated: 2025-02-18 17:49
    VLAI
    Summary
    This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    zdi
    Impacted products
    Vendor Product Version
    NETGEAR R6700v3 Affected: 1.0.4.120_10.0.91
    Create a notification for this product.
    Credits
    Bugscale team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:32:59.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-27642",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-18T17:49:46.824954Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-18T17:49:51.215Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.4.120_10.0.91"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Bugscale team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-29T00:00:00.000Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-518/"
            },
            {
              "url": "https://kb.netgear.com/000064723/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0327"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2022-27642",
        "datePublished": "2023-03-29T00:00:00.000Z",
        "dateReserved": "2022-03-22T00:00:00.000Z",
        "dateUpdated": "2025-02-18T17:49:51.215Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-0417 (GCVE-0-2026-0417)

    Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-10 15:49
    VLAI
    Title
    Insufficient input validation in certain NETGEAR routers
    Summary
    Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    URL Tags
    https://www.netgear.com/support/product/mr70/ productpatch
    https://www.netgear.com/support/product/mr80/ productpatch
    https://www.netgear.com/support/product/mr60/ productpatch
    https://www.netgear.com/support/product/ms60/ productpatch
    https://www.netgear.com/support/product/ms80/ productpatch
    https://www.netgear.com/support/product/r6400v2/ productpatch
    https://www.netgear.com/support/product/ms70/ productpatch
    https://www.netgear.com/support/product/r6700v3/ productpatch
    https://www.netgear.com/support/product/r7000/ productpatch
    https://www.netgear.com/support/product/r6900p/ productpatch
    https://www.netgear.com/support/product/r8000p/ productpatch
    https://www.netgear.com/support/product/r8500/ productpatch
    https://www.netgear.com/support/product/rax40v2/ productpatch
    https://www.netgear.com/support/product/rax42/ productpatch
    https://www.netgear.com/support/product/rax35v2/ productpatch
    https://www.netgear.com/support/product/rax41/ productpatch
    https://www.netgear.com/support/product/rax20/ productpatch
    https://www.netgear.com/support/product/rax43/ productpatch
    https://www.netgear.com/support/product/r7960p/ productpatch
    https://www.netgear.com/support/product/r7000p/ productpatch
    https://www.netgear.com/support/product/rax45/ productpatch
    https://www.netgear.com/support/product/rax48/ productpatch
    https://www.netgear.com/support/product/raxe450/ productpatch
    https://www.netgear.com/support/product/rax50s/ productpatch
    https://www.netgear.com/support/product/xr1000/ productpatch
    https://www.netgear.com/support/product/rax50/ productpatch
    https://www.netgear.com/support/product/raxe500/ productpatch
    https://kb.netgear.com/000070811/June-2026-NETGEA… vendor-advisory
    Impacted products
    Vendor Product Version
    NETGEAR MR60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MR70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MR80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR MS60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MS70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MS80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR R6400v2 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6700v3 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6900P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7000 Affected: 0 , < V1.0.11.216 (custom)
    Create a notification for this product.
    NETGEAR R7000P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7960P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8000P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8500 Affected: 0 , ≤ 1.0.2.160 (custom)
    Create a notification for this product.
    NETGEAR RAX20 Affected: 0 , < V1.0.18.144 (custom)
    Create a notification for this product.
    NETGEAR RAX35v2 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX40v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX41 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX42 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX43 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX45 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX48 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX50 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX50S Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAXE450 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR RAXE500 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR XR1000 Affected: 0 , < V1.0.0.68 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    pjqwudi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0417",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T17:10:42.291794Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T17:10:51.031Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MR60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6400v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6900P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.11.216",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7960P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.2.160",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX20",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.18.144",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX35v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX40v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX45",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX48",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE450",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.68",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "pjqwudi"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eInsufficient input validation vulnerability in the listed NETGEAR\u0026nbsp;devices\u0026nbsp;allows\nauthenticated administrators connected to the local network to\u0026nbsp;tamper with\nthe router\u0027s integrity. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "Insufficient input validation vulnerability in the listed NETGEAR\u00a0devices\u00a0allows\nauthenticated administrators connected to the local network to\u00a0tamper with\nthe router\u0027s integrity."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T15:49:33.259Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6400v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6700v3/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6900p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r8000p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r8500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax40v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax35v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax20/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7960p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax45/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax48/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe450/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe500/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR60\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR70\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS60\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS70\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6400v2 (EoS)\u003c/b\u003e AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6400v2/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6700v3 (EoS)\u003c/b\u003e Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6700v3/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6900P (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6900p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000 (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000/\"\u003eV1.0.11.216\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000P (EoS)\u003c/b\u003e Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7960P (EoS)\u003c/b\u003e Nighthawk X6S AC3600 Tri-Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7960p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8000P (EoS)\u003c/b\u003e Nighthawk X6S AC4000 Tri Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r8000p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8500 (EoS)\u003c/b\u003e Nighthawk X8 AC5300 Smart WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX20 (EoS)\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax20/\"\u003eV1.0.18.144\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35v2\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi 6 Router\u003c/td\u003e\u003ctd\u003eV1.0.16.132\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX40v2\u003c/b\u003e Nighthawk AX4 4-Stream WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax40v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX45 (EoS)\u003c/b\u003e Nighthawk AX6 6-Stream AX4300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax45/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX48\u003c/b\u003e Nighthawk AX6 6-Stream AX5200 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax48/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50S\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50s/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE450\u003c/b\u003e Nighthawk AXE10000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe450/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE500\u003c/b\u003e Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe500/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000/\"\u003eV1.0.0.68\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionMR60 Nighthawk Mesh WiFi 6 Router V1.1.7.132 https://www.netgear.com/support/product/mr60/ MR70 Nighthawk Mesh WiFi 6 Router V1.0.3.28 https://www.netgear.com/support/product/mr70/ MR80 Nighthawk Tri-band Mesh WiFi 6 Router V1.1.7.14 https://www.netgear.com/support/product/mr80/ MS60 Nighthawk Mesh WiFi 6 Add-on Satellite V1.1.7.132 https://www.netgear.com/support/product/ms60/ MS70 Nighthawk Mesh WiFi 6 Add-on Satellite V1.0.3.28 https://www.netgear.com/support/product/ms70/ MS80 Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite V1.1.7.14 https://www.netgear.com/support/product/ms80/ R6400v2 (EoS) AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit V1.0.4.128 https://www.netgear.com/support/product/r6400v2/ R6700v3 (EoS) Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router V1.0.4.128 https://www.netgear.com/support/product/r6700v3/ R6900P (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r6900p/ R7000 (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.216 https://www.netgear.com/support/product/r7000/ R7000P (EoS) Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r7000p/ R7960P (EoS) Nighthawk X6S AC3600 Tri-Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r7960p/ R8000P (EoS) Nighthawk X6S AC4000 Tri Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r8000p/ R8500 (EoS) Nighthawk X8 AC5300 Smart WiFi RouterEOSRAX20 (EoS) 4-Stream AX1800 WiFi 6 Router V1.0.18.144 https://www.netgear.com/support/product/rax20/ RAX35v2 Nighthawk AX4 4-Stream AX3000 WiFi 6 RouterV1.0.16.132RAX40v2 Nighthawk AX4 4-Stream WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax40v2/ RAX41 (EoS) Nighthawk AX5 5-Stream AX3600 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax41/ RAX42 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax42/ RAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.120 https://www.netgear.com/support/product/rax43/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax45/ RAX48 Nighthawk AX6 6-Stream AX5200 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax48/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50/ RAX50S Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50s/ RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe500/ XR1000 Nighthawk WiFi 6 Pro Gaming Router V1.0.0.68 https://www.netgear.com/support/product/xr1000/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient input validation in certain NETGEAR routers",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-0417",
        "datePublished": "2026-06-09T15:50:49.507Z",
        "dateReserved": "2025-12-03T04:16:24.254Z",
        "dateUpdated": "2026-06-10T15:49:33.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-9210 (GCVE-0-2026-9210)

    Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-11 05:38
    VLAI
    Title
    Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router
    Summary
    Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper input validation
    Assigner
    References
    URL Tags
    https://www.netgear.com/support/product/ex3700/ productpatch
    https://www.netgear.com/support/product/ex3800/ productpatch
    https://www.netgear.com/support/product/ex6120/ productpatch
    https://www.netgear.com/support/product/mr60/ productpatch
    https://www.netgear.com/support/product/ex6130/ productpatch
    https://www.netgear.com/support/product/ms70/ productpatch
    https://www.netgear.com/support/product/ms60/ productpatch
    https://www.netgear.com/support/product/mr80/ productpatch
    https://www.netgear.com/support/product/ms80/ productpatch
    https://www.netgear.com/support/product/mr70/ productpatch
    https://www.netgear.com/support/product/r6400v2/ productpatch
    https://www.netgear.com/support/product/r6700v3/ productpatch
    https://www.netgear.com/support/product/r6900p/ productpatch
    https://www.netgear.com/support/product/r7960p/ productpatch
    https://www.netgear.com/support/product/r7000p/ productpatch
    https://www.netgear.com/support/product/r8000p/ productpatch
    https://www.netgear.com/support/product/r8500/ product
    https://www.netgear.com/support/product/rax48/ productpatch
    https://www.netgear.com/support/product/r7000/ productpatch
    https://www.netgear.com/support/product/rax40v2/ productpatch
    https://www.netgear.com/support/product/rax20/ productpatch
    https://www.netgear.com/support/product/rax35v2/ productpatch
    https://www.netgear.com/support/product/rax41/ productpatch
    https://www.netgear.com/support/product/rax42/ productpatch
    https://www.netgear.com/support/product/rax45/ productpatch
    https://www.netgear.com/support/product/rax50/ productpatch
    https://www.netgear.com/support/product/rax43/ productpatch
    https://www.netgear.com/support/product/rax50s/ productpatch
    https://www.netgear.com/support/product/raxe450/ productpatch
    https://www.netgear.com/support/product/raxe500/ productpatch
    https://www.netgear.com/support/product/xr1000/ productpatch
    https://kb.netgear.com/000070811/June-2026-NETGEA… vendor-advisory
    Impacted products
    Vendor Product Version
    NETGEAR EX3700 Affected: 0 , < V1.0.0.100 (custom)
    Create a notification for this product.
    NETGEAR EX3800 Affected: 0 , < V1.0.0.100 (custom)
    Create a notification for this product.
    NETGEAR EX6120 Affected: 0 , < V1.0.0.72 (custom)
    Create a notification for this product.
    NETGEAR EX6130 Affected: 0 , < V1.0.0.54 (custom)
    Create a notification for this product.
    NETGEAR MR60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MR70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MR80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR MS60 Affected: 0 , < V1.1.7.132 (custom)
    Create a notification for this product.
    NETGEAR MS70 Affected: 0 , < V1.0.3.28 (custom)
    Create a notification for this product.
    NETGEAR MS80 Affected: 0 , < V1.1.7.14 (custom)
    Create a notification for this product.
    NETGEAR R6400v2 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6700v3 Affected: 0 , < V1.0.4.128 (custom)
    Create a notification for this product.
    NETGEAR R6900P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7000 Affected: 0 , < V1.0.11.216 (custom)
    Create a notification for this product.
    NETGEAR R7000P Affected: 0 , < V1.3.3.152 (custom)
    Create a notification for this product.
    NETGEAR R7960P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8000P Affected: 0 , < V1.4.4.92 (custom)
    Create a notification for this product.
    NETGEAR R8500 Affected: 0 , ≤ 1.0.2.160 (custom)
    Create a notification for this product.
    NETGEAR RAX20 Affected: 0 , < V1.0.18.144 (custom)
    Create a notification for this product.
    NETGEAR RAX35v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX40v2 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX41 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX42 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX43 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX45 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX48 Affected: 0 , < V1.0.12.118 (custom)
    Create a notification for this product.
    NETGEAR RAX50 Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAX50S Affected: 0 , < V1.0.12.120 (custom)
    Create a notification for this product.
    NETGEAR RAXE450 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR RAXE500 Affected: 0 , < V1.0.10.86 (custom)
    Create a notification for this product.
    NETGEAR XR1000 Affected: 0 , < V1.0.0.68 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    pjqwudi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-9210",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:03:30.063423Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:39:39.151Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "EX3700",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX3800",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.100",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX6120",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.72",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EX6130",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.54",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MR80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS60",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS70",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.3.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MS80",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.7.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6400v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6700v3",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.4.128",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R6900P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.11.216",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.3.3.152",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R7960P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8000P",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.4.4.92",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "R8500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.2.160",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX20",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.18.144",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX35v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX40v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX45",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX48",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.118",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.12.120",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE450",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.10.86",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.0.68",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex3700:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.100",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex3800:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.100",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex6120:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.72",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ex6130:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.54",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr60:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.132",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr70:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.3.28",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:mr80:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.14",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms60:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.132",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms70:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.3.28",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:ms80:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.1.7.14",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6400v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.4.128",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6700v3:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.4.128",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r6900p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.3.3.152",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7000:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.11.216",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7000p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.3.3.152",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r7960p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.4.4.92",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r8000p:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.4.4.92",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:r8500:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "*",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax20:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.18.144",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax35v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax40v2:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax41:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax42:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax43:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax45:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax48:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.118",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax50:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:rax50s:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.12.120",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:raxe450:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.10.86",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:raxe500:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.10.86",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                },
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:h:netgear:xr1000:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "v1.0.0.68",
                      "versionStartIncluding": "0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "pjqwudi"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003eInsufficient input validation vulnerability in the\u0026nbsp;listed NETGEAR models allows\u0026nbsp;authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.\u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "Insufficient input validation vulnerability in the\u00a0listed NETGEAR models allows\u00a0authenticated administrators connected to the local network to make unauthorized modification of router software and functionality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-11T05:38:03.646Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex3700/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex3800/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex6120/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ex6130/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms60/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/ms80/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/mr70/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6400v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6700v3/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r6900p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7960p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000p/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r8000p/"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.netgear.com/support/product/r8500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax48/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax40v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax20/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax35v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax45/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe450/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe500/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX3700\u003c/b\u003e AC750 WiFi Range Extender Essentials Edition\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex3700/\"\u003eV1.0.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX3800 (EoS)\u003c/b\u003e AC750 WiFi Range Extender Essentials Edition\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex3800/\"\u003eV1.0.0.100\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX6120\u003c/b\u003e AC1200 Dual Band WiFi Range Extender\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex6120/\"\u003eV1.0.0.72\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eEX6130\u003c/b\u003e AC1200 WiFi Range Extender\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ex6130/\"\u003eV1.0.0.54\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR60\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR70\u003c/b\u003e Nighthawk Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMR80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/mr80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS60\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms60/\"\u003eV1.1.7.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS70\u003c/b\u003e Nighthawk Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms70/\"\u003eV1.0.3.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eMS80\u003c/b\u003e Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/ms80/\"\u003eV1.1.7.14\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6400v2 (EoS)\u003c/b\u003e AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6400v2/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6700v3 (EoS)\u003c/b\u003e Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6700v3/\"\u003eV1.0.4.128\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR6900P (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r6900p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000 (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000/\"\u003eV1.0.11.216\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000P (EoS)\u003c/b\u003e Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000p/\"\u003eV1.3.3.152\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7960P (EoS)\u003c/b\u003e Nighthawk X6S AC3600 Tri-Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7960p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8000P (EoS)\u003c/b\u003e Nighthawk X6S AC4000 Tri Band WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r8000p/\"\u003eV1.4.4.92\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR8500 (EoS)\u003c/b\u003e Nighthawk X8 AC5300 Smart WiFi Router\u003c/td\u003e\u003ctd\u003eEOS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX20 (EoS)\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax20/\"\u003eV1.0.18.144\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35v2\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax35v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX40v2\u003c/b\u003e Nighthawk AX4 4-Stream WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax40v2/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX45 (EoS)\u003c/b\u003e Nighthawk AX6 6-Stream AX4300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax45/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX48\u003c/b\u003e Nighthawk AX6 6-Stream AX5200 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax48/\"\u003eV1.0.12.118\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50S\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50s/\"\u003eV1.0.12.120\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE450\u003c/b\u003e Nighthawk AXE10000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe450/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE500\u003c/b\u003e Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe500/\"\u003eV1.0.10.86\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000/\"\u003eV1.0.0.68\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionEX3700 AC750 WiFi Range Extender Essentials Edition V1.0.0.100 https://www.netgear.com/support/product/ex3700/ EX3800 (EoS) AC750 WiFi Range Extender Essentials Edition V1.0.0.100 https://www.netgear.com/support/product/ex3800/ EX6120 AC1200 Dual Band WiFi Range Extender V1.0.0.72 https://www.netgear.com/support/product/ex6120/ EX6130 AC1200 WiFi Range Extender V1.0.0.54 https://www.netgear.com/support/product/ex6130/ MR60 Nighthawk Mesh WiFi 6 Router V1.1.7.132 https://www.netgear.com/support/product/mr60/ MR70 Nighthawk Mesh WiFi 6 Router V1.0.3.28 https://www.netgear.com/support/product/mr70/ MR80 Nighthawk Tri-band Mesh WiFi 6 Router V1.1.7.14 https://www.netgear.com/support/product/mr80/ MS60 Nighthawk Mesh WiFi 6 Add-on Satellite V1.1.7.132 https://www.netgear.com/support/product/ms60/ MS70 Nighthawk Mesh WiFi 6 Add-on Satellite V1.0.3.28 https://www.netgear.com/support/product/ms70/ MS80 Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite V1.1.7.14 https://www.netgear.com/support/product/ms80/ R6400v2 (EoS) AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit V1.0.4.128 https://www.netgear.com/support/product/r6400v2/ R6700v3 (EoS) Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router V1.0.4.128 https://www.netgear.com/support/product/r6700v3/ R6900P (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r6900p/ R7000 (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.216 https://www.netgear.com/support/product/r7000/ R7000P (EoS) Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r7000p/ R7960P (EoS) Nighthawk X6S AC3600 Tri-Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r7960p/ R8000P (EoS) Nighthawk X6S AC4000 Tri Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r8000p/ R8500 (EoS) Nighthawk X8 AC5300 Smart WiFi RouterEOSRAX20 (EoS) 4-Stream AX1800 WiFi 6 Router V1.0.18.144 https://www.netgear.com/support/product/rax20/ RAX35v2 Nighthawk AX4 4-Stream AX3000 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax35v2/ RAX40v2 Nighthawk AX4 4-Stream WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax40v2/ RAX41 (EoS) Nighthawk AX5 5-Stream AX3600 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax41/ RAX42 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax42/ RAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.120 https://www.netgear.com/support/product/rax43/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax45/ RAX48 Nighthawk AX6 6-Stream AX5200 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax48/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50/ RAX50S Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50s/ RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe500/ XR1000 Nighthawk WiFi 6 Pro Gaming Router V1.0.0.68 https://www.netgear.com/support/product/xr1000/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-9210",
        "datePublished": "2026-06-09T15:50:48.947Z",
        "dateReserved": "2026-05-21T17:29:00.866Z",
        "dateUpdated": "2026-06-11T05:38:03.646Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0410 (GCVE-0-2026-0410)

    Vulnerability from cvelistv5 – Published: 2026-06-09 15:41 – Updated: 2026-06-10 15:24
    VLAI
    Title
    Insufficient input validation in certain NETGEAR routers
    Summary
    Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Insufficient input validation
    Assigner
    Impacted products
    Vendor Product Version
    NETGEAR R7000 Affected: 0 , < V1.0.11.216 (custom)
    Create a notification for this product.
    NETGEAR RAX20 Affected: 0 , < V1.0.18.144 (custom)
    Create a notification for this product.
    NETGEAR RAX35v2 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX41 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX41v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX42 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX42v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX43 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX43v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX45 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX49S Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX50 Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX50S Affected: 0 , < V1.0.16.132 (custom)
    Create a notification for this product.
    NETGEAR RAX50v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX54Sv2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAX54v2 Affected: 0 , < V1.1.4.28 (custom)
    Create a notification for this product.
    NETGEAR RAXE450 Affected: 0 , < V1.2.14.114 (custom)
    Create a notification for this product.
    NETGEAR RAXE500 Affected: 0 , < V1.2.14.114 (custom)
    Create a notification for this product.
    NETGEAR XR1000 Affected: 0 , < V1.1.0.22 (custom)
    Create a notification for this product.
    NETGEAR XR1000v2 Affected: 0 , < V1.1.0.22 (custom)
    Create a notification for this product.
    Date Public
    2026-06-09 00:00
    Credits
    SmallS
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0410",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T17:27:32.030390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:40:24.087Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "R7000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.11.216",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX20",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.18.144",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX35v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX41v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX42v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX43v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX45",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX49S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50S",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.0.16.132",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX50v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX54Sv2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAX54v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.4.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE450",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.2.14.114",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RAXE500",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.2.14.114",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.0.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XR1000v2",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "lessThan": "V1.1.0.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "SmallS"
            }
          ],
          "datePublic": "2026-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eAuthenticated administrators connected to the local network can gain \nelevated access to the router and make unauthorized changes to router \nsoftware and functionality.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "Authenticated administrators connected to the local network can gain \nelevated access to the router and make unauthorized changes to router \nsoftware and functionality."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "DIFFUSE",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Insufficient input validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-10T15:24:02.912Z",
            "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
            "shortName": "NETGEAR"
          },
          "references": [
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax20/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/r7000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax35v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax41v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax42/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax43v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax45/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe450/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax54sv2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/xr1000v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax50v2/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/rax49s/"
            },
            {
              "tags": [
                "product",
                "patch"
              ],
              "url": "https://www.netgear.com/support/product/raxe500/"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eR7000 (EoS)\u003c/b\u003e Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/r7000/\"\u003eV1.0.11.216\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX20 (EoS)\u003c/b\u003e 4-Stream AX1800 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax20/\"\u003eV1.0.18.144\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX35v2\u003c/b\u003e Nighthawk AX4 4-Stream AX3000 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax35v2/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX41v2\u003c/b\u003e Nighthawk AX5 5-Stream AX3600 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax41v2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX42v2\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax42v2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43 (EoS)\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX43v2\u003c/b\u003e Nighthawk AX5 5-Stream AX4200 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax43v2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX45 (EoS)\u003c/b\u003e Nighthawk AX6 6-Stream AX4300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax45/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX49S\u003c/b\u003e Nighthawk AX6 6-Stream AX5300 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax49s/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50S\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50s/\"\u003eV1.0.16.132\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX50v2\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi 6 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax50v2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX54Sv2\u003c/b\u003e Nighthawk AX6 6-Stream AX5400 WiFi Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rax54sv2/\"\u003eV1.1.4.28\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAX54v2\u003c/b\u003e\u003c/td\u003e\u003ctd\u003eV1.1.4.28\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE450\u003c/b\u003e Nighthawk AXE10000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe450/\"\u003eV1.2.14.114\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRAXE500\u003c/b\u003e Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/raxe500/\"\u003eV1.2.14.114\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000/\"\u003eV1.1.0.22\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eXR1000v2\u003c/b\u003e Nighthawk WiFi 6 Pro Gaming Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/xr1000v2/\"\u003eV1.1.0.22\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003eModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.\u003c/p\u003e"
                }
              ],
              "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionR7000 (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.216 https://www.netgear.com/support/product/r7000/ RAX20 (EoS) 4-Stream AX1800 WiFi 6 Router V1.0.18.144 https://www.netgear.com/support/product/rax20/ RAX35v2 Nighthawk AX4 4-Stream AX3000 WiFi 6 Router V1.0.16.132 https://www.netgear.com/support/product/rax35v2/ RAX41 (EoS) Nighthawk AX5 5-Stream AX3600 WiFi Router V1.0.16.132 https://www.netgear.com/support/product/rax41/ RAX41v2 Nighthawk AX5 5-Stream AX3600 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax41v2/ RAX42 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.16.132 https://www.netgear.com/support/product/rax42/ RAX42v2 Nighthawk AX5 5-Stream AX4200 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax42v2/ RAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.16.132 https://www.netgear.com/support/product/rax43/ RAX43v2 Nighthawk AX5 5-Stream AX4200 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax43v2/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.16.132 https://www.netgear.com/support/product/rax45/ RAX49S Nighthawk AX6 6-Stream AX5300 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax49s/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.16.132 https://www.netgear.com/support/product/rax50/ RAX50S Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.16.132 https://www.netgear.com/support/product/rax50s/ RAX50v2 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.1.4.28 https://www.netgear.com/support/product/rax50v2/ RAX54Sv2 Nighthawk AX6 6-Stream AX5400 WiFi Router V1.1.4.28 https://www.netgear.com/support/product/rax54sv2/ RAX54v2V1.1.4.28RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe500/ XR1000 Nighthawk WiFi 6 Pro Gaming Router V1.1.0.22 https://www.netgear.com/support/product/xr1000/ XR1000v2 Nighthawk WiFi 6 Pro Gaming Router V1.1.0.22 https://www.netgear.com/support/product/xr1000v2/ \n\nModels marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Insufficient input validation in certain NETGEAR routers",
          "x_generator": {
            "engine": "Vulnogram 1.0.3"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "assignerShortName": "NETGEAR",
        "cveId": "CVE-2026-0410",
        "datePublished": "2026-06-09T15:41:47.808Z",
        "dateReserved": "2025-12-03T04:16:17.013Z",
        "dateUpdated": "2026-06-10T15:24:02.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-40619 (GCVE-0-2022-40619)

    Vulnerability from cvelistv5 – Published: 2026-01-28 00:00 – Updated: 2026-01-29 18:52
    VLAI Shadowserver
    Summary
    FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40619",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T18:51:27.553100Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T18:52:26.839Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T18:44:47.297Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117"
            },
            {
              "url": "https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-40619",
        "datePublished": "2026-01-28T00:00:00.000Z",
        "dateReserved": "2022-09-12T00:00:00.000Z",
        "dateUpdated": "2026-01-29T18:52:26.839Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-40620 (GCVE-0-2022-40620)

    Vulnerability from cvelistv5 – Published: 2026-01-28 00:00 – Updated: 2026-01-29 18:51
    VLAI
    Summary
    FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-295 - Improper Certificate Validation
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.7,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40620",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-29T18:50:57.412712Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-295",
                    "description": "CWE-295 Improper Certificate Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-29T18:51:01.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-28T18:45:15.769Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000065132/Security-Advisory-for-Vulnerabilities-in-FunJSQ-on-Some-Routers-and-Orbi-WiFi-Systems-PSV-2022-0117"
            },
            {
              "url": "https://www.onekey.com/resource/security-advisory-netgear-routers-funjsq-vulnerabilities"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-40620",
        "datePublished": "2026-01-28T00:00:00.000Z",
        "dateReserved": "2022-09-12T00:00:00.000Z",
        "dateUpdated": "2026-01-29T18:51:01.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-44650 (GCVE-0-2025-44650)

    Vulnerability from cvelistv5 – Published: 2025-07-21 00:00 – Updated: 2025-08-07 13:29
    VLAI
    Summary
    In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-44650",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-22T15:47:00.463097Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-22T15:47:28.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-07T13:29:43.759Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.netgear.com/about/security/"
            },
            {
              "url": "https://gist.github.com/TPCchecker/d13d15dfa8965ba88a9437718f77f67d"
            },
            {
              "url": "https://www.notion.so/CVE-2025-44650-24754a1113e780dca89dca218b90b1d9"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-44650",
        "datePublished": "2025-07-21T00:00:00.000Z",
        "dateReserved": "2025-04-22T00:00:00.000Z",
        "dateUpdated": "2025-08-07T13:29:43.759Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35520 (GCVE-0-2024-35520)

    Vulnerability from cvelistv5 – Published: 2024-10-14 00:00 – Updated: 2024-10-15 14:23
    VLAI
    Summary
    Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    netgear r7000_firmware Affected: 1.0.11.136
        cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:netgear:r7000_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "r7000_firmware",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.11.136"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35520",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T14:09:34.784101Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T14:23:36.216Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AC:L/AV:A/A:H/C:H/I:H/PR:H/S:C/UI:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-14T21:07:39.206Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000066027/Security-Advisory-for-Post-Authentication-Command-Injection-on-the-R7000-PSV-2023-0154"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-35520",
        "datePublished": "2024-10-14T00:00:00.000Z",
        "dateReserved": "2024-05-17T00:00:00.000Z",
        "dateUpdated": "2024-10-15T14:23:36.216Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34983 (GCVE-0-2021-34983)

    Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
    VLAI
    Title
    NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability
    Summary
    NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
    Create a notification for this product.
    Date Public
    2021-10-29 13:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T15:08:46.169063Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T18:38:20.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:26:55.842Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-21-1275",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Multiple Routers",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.11.116_10.2.100"
                }
              ]
            }
          ],
          "dateAssigned": "2021-06-30T13:56:51.720Z",
          "datePublic": "2021-10-29T13:54:16.924Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of authentication prior to allowing access to system configuration information. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13708."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:51.052Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-21-1275",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1275/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sungur Labs"
          },
          "title": "NETGEAR Multiple Routers httpd Missing Authentication for Critical Function Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2021-34983",
        "datePublished": "2024-05-07T22:54:51.052Z",
        "dateReserved": "2021-06-17T19:27:05.662Z",
        "dateUpdated": "2024-08-04T00:26:55.842Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34982 (GCVE-0-2021-34982)

    Vulnerability from cvelistv5 – Published: 2024-05-07 22:54 – Updated: 2024-08-04 00:26
    VLAI
    Title
    NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability
    Summary
    NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. . Was ZDI-CAN-13709.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    zdi
    References
    Impacted products
    Vendor Product Version
    NETGEAR Multiple Routers Affected: V1.0.11.116_10.2.100
    Create a notification for this product.
    netgear multiple_router_firmware Affected: 1.0.11.116_10.0.100
        cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2021-10-29 13:54
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:netgear:multiple_router_firmware:1.0.11.116_10.0.100:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "multiple_router_firmware",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.11.116_10.0.100"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34982",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T14:52:41.415481Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:12:45.927Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:26:55.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ZDI-21-1274",
                "tags": [
                  "x_research-advisory",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
              },
              {
                "name": "vendor-provided URL",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Multiple Routers",
              "vendor": "NETGEAR",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.0.11.116_10.2.100"
                }
              ]
            }
          ],
          "dateAssigned": "2021-06-30T13:56:51.718Z",
          "datePublic": "2021-10-29T13:54:08.659Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the httpd service, which listens on TCP port 80 by default. When parsing the strings file, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root.\n\n\n\n\n. Was ZDI-CAN-13709."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T22:54:50.139Z",
            "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
            "shortName": "zdi"
          },
          "references": [
            {
              "name": "ZDI-21-1274",
              "tags": [
                "x_research-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1274/"
            },
            {
              "name": "vendor-provided URL",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://kb.netgear.com/000064313/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Extenders-Routers-and-DSL-Modem-Routers-PSV-2021-0159"
            }
          ],
          "source": {
            "lang": "en",
            "value": "Sungur Labs"
          },
          "title": "NETGEAR Multiple Routers httpd Stack-based Buffer Overflow Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "assignerShortName": "zdi",
        "cveId": "CVE-2021-34982",
        "datePublished": "2024-05-07T22:54:50.139Z",
        "dateReserved": "2021-06-17T19:27:05.662Z",
        "dateUpdated": "2024-08-04T00:26:55.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1431 (GCVE-0-2024-1431)

    Vulnerability from cvelistv5 – Published: 2024-02-11 02:31 – Updated: 2024-08-01 18:40
    VLAI
    Title
    Netgear R7000 Web Management Interface debuginfo.htm information disclosure
    Summary
    A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Netgear R7000 Affected: 1.0.11.136_10.2.120
    Create a notification for this product.
    Credits
    leetsun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1431",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-12T13:37:18.114368Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:20:50.569Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.253382"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.253382"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Web Management Interface"
              ],
              "product": "R7000",
              "vendor": "Netgear",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.11.136_10.2.120"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetsun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "Eine Schwachstelle wurde in Netgear R7000 1.0.11.136_10.2.120 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /debuginfo.htm der Komponente Web Management Interface. Durch Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-11T02:31:04.685Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.253382"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.253382"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/leetsun/Hints/tree/main/R7000/2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-02-10T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-02-10T10:48:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Netgear R7000 Web Management Interface debuginfo.htm information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-1431",
        "datePublished": "2024-02-11T02:31:04.685Z",
        "dateReserved": "2024-02-10T09:42:59.598Z",
        "dateUpdated": "2024-08-01T18:40:21.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1430 (GCVE-0-2024-1430)

    Vulnerability from cvelistv5 – Published: 2024-02-11 00:31 – Updated: 2024-08-25 05:52
    VLAI
    Title
    Netgear R7000 Web Management Interface currentsetting.htm information disclosure
    Summary
    A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Netgear R7000 Affected: 1.0.11.136_10.2.120
    Create a notification for this product.
    netgear r7000_firmware Affected: 1.0.11.136_10.2.120
        cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    leetsun (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "r7000_firmware",
                "vendor": "netgear",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0.11.136_10.2.120"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1430",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-21T20:44:12.428892Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-15T20:33:07.639Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:40:21.040Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.253381"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.253381"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Web Management Interface"
              ],
              "product": "R7000",
              "vendor": "Netgear",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.11.136_10.2.120"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "leetsun (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In Netgear R7000 1.0.11.136_10.2.120 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /currentsetting.htm der Komponente Web Management Interface. Durch das Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Disclosure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-25T05:52:59.935Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-253381 | Netgear R7000 Web Management Interface currentsetting.htm information disclosure",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.253381"
            },
            {
              "name": "VDB-253381 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.253381"
            },
            {
              "name": "Submit #276025 | Netgear R7000 \u2014  Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.136_10.2.120 Incorrect Access Control",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.276025"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://github.com/leetsun/Hints/tree/main/R7000/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.netgear.com/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-10T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-02-10T00:00:00.000Z",
              "value": "CVE reserved"
            },
            {
              "lang": "en",
              "time": "2024-02-10T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-03T11:32:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Netgear R7000 Web Management Interface currentsetting.htm information disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-1430",
        "datePublished": "2024-02-11T00:31:04.302Z",
        "dateReserved": "2024-02-10T09:42:57.248Z",
        "dateUpdated": "2024-08-25T05:52:59.935Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-36187 (GCVE-0-2023-36187)

    Vulnerability from cvelistv5 – Published: 2023-09-01 00:00 – Updated: 2024-10-01 16:26
    VLAI
    Summary
    Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Impacted products
    Vendor Product Version
    netgear r6400v2 Affected: 0 , < 1.0.4.118 (custom)
        cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:37:41.263Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:netgear:r6400v2:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "r6400v2",
                "vendor": "netgear",
                "versions": [
                  {
                    "lessThan": "1.0.4.118",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36187",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-01T16:25:37.076547Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-01T16:26:34.615Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-01T15:04:10.728Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://kb.netgear.com/000065571/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2020-0578"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-36187",
        "datePublished": "2023-09-01T00:00:00.000Z",
        "dateReserved": "2023-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-01T16:26:34.615Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }