FKIE_CVE-2026-0415
Vulnerability from fkie_nvd - Published: 2026-06-09 17:16 - Updated: 2026-06-18 17:56
Severity
Summary
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netgear | rbe970_firmware | * | |
| netgear | rbe970 | - | |
| netgear | rbr750_firmware | * | |
| netgear | rbr750 | - | |
| netgear | rbr840_firmware | * | |
| netgear | rbr840 | - | |
| netgear | rbr850_firmware | * | |
| netgear | rbr850 | - | |
| netgear | rbr860_firmware | * | |
| netgear | rbr860 | - | |
| netgear | rbre950_firmware | * | |
| netgear | rbre950 | - | |
| netgear | rbre960_firmware | * | |
| netgear | rbre960 | - | |
| netgear | rbs750_firmware | * | |
| netgear | rbs750 | - | |
| netgear | rbs840_firmware | * | |
| netgear | rbs840 | - | |
| netgear | rbs850_firmware | * | |
| netgear | rbs850 | - | |
| netgear | rbs860_firmware | * | |
| netgear | rbs860 | - | |
| netgear | rbse950_firmware | * | |
| netgear | rbse950 | - | |
| netgear | rbse960_firmware | * | |
| netgear | rbse960 | - |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "RBE970",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V9.12.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR840",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR850",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR860",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBRE950",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBRE960",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS840",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS850",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS860",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBSE950",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBSE960",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbe970_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "301DE3B8-EF02-46C6-96EF-3735CE242BBC",
"versionEndExcluding": "9.12.4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbe970:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1F3088-9598-4EB5-A8A0-E0D4E529CB12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D73C133-BD68-4532-B267-61796ECB1A07",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C730F75-337C-44C5-9DE7-E532D7C3C8BC",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4489CB05-A1C0-408C-8D8C-56EE98CA20E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5B3B94-CC3D-4CFC-9FE2-9EF5CEBD4B1A",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbr860_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "659D5BE0-C045-48FD-9214-B35D408AF0BA",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbr860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "928FC2C1-4D05-495B-ACD8-1D013EB18EE6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbre950_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08EA0CCC-1FAD-47D3-B70E-1991AE30C12E",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbre950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "848E7D41-EB61-4AB3-9AED-8E35281DB464",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbre960_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22E56DA-E0B9-4A24-B818-F7919B8CDB5C",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbre960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "314FF95E-5A0C-4A6B-B8D6-28546F2C1A12",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0821D003-6E44-46DB-B3D1-2CA553483036",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A19A26FE-6D83-45F3-A852-FCD9F6E9F3D4",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84AEA27B-8BEA-4E83-819A-FDAC1881928F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79468E3C-C58C-4076-BB85-4C331BCC300C",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbs860_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8CED97-AA9C-4655-B521-319021F1F9DB",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbs860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6630553-D726-4524-8BD2-3EE839DE6676",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbse950_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E26EAB17-7904-4325-A21D-43B807F7DB56",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbse950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A3F32B-B05E-42C6-969A-0F4DD5B7942E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netgear:rbse960_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19048F97-E226-4287-A206-9006F7B91E21",
"versionEndExcluding": "7.2.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netgear:rbse960:-:*:*:*:*:*:*:*",
"matchCriteriaId": "419AF785-61C6-4911-A170-6A06D7991948",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient input validation vulnerability in the\u00a0listed NETGEAR models allows\u00a0authenticated administrators connected to the local network to make unauthorized modification of router software and functionality."
}
],
"id": "CVE-2026-0415",
"lastModified": "2026-06-18T17:56:13.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-0415",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T17:02:38.168412Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-09T17:16:59.130",
"references": [
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Vendor Advisory"
],
"url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbe970/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbr750/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbr840/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbr850/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbr860/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbre950/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbre960/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbs750/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbs840/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbs850/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbs860/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbse950/"
},
{
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"tags": [
"Product"
],
"url": "https://www.netgear.com/support/product/rbse960/"
}
],
"sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…