CVE-2026-0412

Awaiting Analysis Awaiting Analysis - Queue

Insufficient Input Validation in NETGEAR JR6150 Router

Publication date: 2026-06-09

Last updated on: 2026-06-18

Assigner: Netgear, Inc.

Description

Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-18

Generated

2026-06-30

AI Q&A

2026-06-09

EPSS Evaluated

2026-06-28

NVD

CVE-2026-0412

EUVD

EUVD-2026-35453

Affected Vendors & Products

Vendor	Product	Version / Range
netgear	jr6150_firmware	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-20	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

Executive Summary

This vulnerability is an insufficient input validation issue in the NETGEAR JR6150 router. It allows administrators who are connected to the local network to make unauthorized modifications to the router's software and functionality.

The vulnerability was identified through firmware emulation in a controlled research environment and has not been verified on production hardware.

The affected device, NETGEAR JR6150, reached End-of-Support status in 2018 and no longer receives security updates.

Impact Analysis

If exploited, this vulnerability could allow an administrator on the local network to make unauthorized changes to the router's software and functionality.

Such unauthorized modifications could potentially compromise the security and operation of the router, leading to network disruptions or further security risks.

Since the device is no longer supported or receiving security updates, these risks cannot be mitigated through patches.

Mitigation Strategies

The NETGEAR JR6150 router has reached End-of-Support status and is no longer receiving security updates.

NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Hi! I’m here to help you understand CVE-2026-0412. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70