CVE-2026-0417
Awaiting Analysis Awaiting Analysis - Queue

Insufficient Input Validation in NETGEAR Devices

Publication date: 2026-06-09

Last updated on: 2026-06-18

Assigner: Netgear, Inc.

Description
Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-18
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-0417
EUVD
EUVD-2026-35460

Affected Vendors & Products

Showing 27 associated CPEs
Vendor Product Version / Range
netgear mr60_firmware to 1.1.7.132 (exc)
netgear mr70_firmware to 1.0.3.28 (exc)
netgear mr80_firmware to 1.1.7.14 (exc)
netgear ms60_firmware to 1.1.7.132 (exc)
netgear ms70_firmware to 1.0.3.28 (exc)
netgear ms80_firmware to 1.1.7.14 (exc)
netgear r6400v2_firmware to 1.0.4.128 (exc)
netgear r6700v3_firmware to 1.0.4.128 (exc)
netgear r6900p_firmware to 1.3.3.152 (exc)
netgear r7000_firmware to 1.0.11.216 (exc)
netgear r7000p_firmware to 1.3.3.152 (exc)
netgear r7960p_firmware to 1.4.4.92 (exc)
netgear r8000p_firmware to 1.4.4.92 (exc)
netgear r8500_firmware *
netgear rax20_firmware to 1.0.18.144 (exc)
netgear rax35v2_firmware to 1.0.16.132 (exc)
netgear rax40v2_firmware to 1.0.12.118 (exc)
netgear rax41_firmware to 1.0.12.118 (exc)
netgear rax42_firmware to 1.0.12.118 (exc)
netgear rax43_firmware to 1.0.12.120 (exc)
netgear rax45_firmware to 1.0.12.118 (exc)
netgear rax48_firmware to 1.0.12.118 (exc)
netgear rax50_firmware to 1.0.12.120 (exc)
netgear rax50s_firmware to 1.0.12.120 (exc)
netgear raxe450_firmware to 1.0.10.86 (exc)
netgear raxe500_firmware to 1.0.10.86 (exc)
netgear xr1000_firmware to 1.0.0.68 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an insufficient input validation issue found in certain NETGEAR devices. It allows authenticated administrators who are connected to the local network to tamper with the router's integrity.

Impact Analysis

The vulnerability could allow an authenticated administrator on the local network to manipulate or compromise the integrity of the affected NETGEAR routers. This could lead to unauthorized changes in router configuration or behavior, potentially disrupting network operations or security.

Mitigation Strategies

This vulnerability affects certain NETGEAR devices and allows authenticated administrators on the local network to tamper with the router's integrity due to insufficient input validation.

Since the vulnerability requires authenticated local access, immediate mitigation steps include restricting administrative access to trusted users only and ensuring that only authorized personnel can connect to the local network.

Additionally, it is recommended to monitor for firmware updates from NETGEAR for the affected devices and apply any patches or updates as soon as they become available to address this vulnerability.

Compliance Impact

The provided information does not specify how the vulnerability in the listed NETGEAR devices affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0417. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart