CVE-2026-0418
Awaiting Analysis - Queue

Insufficient Configuration Management in Networked Devices

Publication date: 2026-06-09

Last updated on: 2026-06-18

Assigner: Netgear, Inc.

Description

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system.


Meta Information

Published: 2026-06-09
Last Modified: 2026-06-18
Generated: 2026-06-30
AI Q&A: 2026-06-09
EPSS Evaluated: 2026-06-28

Affected Vendors & Products

Showing 35 associated CPEs
Vendor Product Version / Range
netgear cbr750_firmware to 4.6.14.4 (exc)
netgear ex6120_firmware *
netgear ex6130_firmware *
netgear mr60_firmware to 1.1.7.128 (exc)
netgear mr70_firmware to 1.0.3.28 (exc)
netgear mr80_firmware to 1.1.7.6 (exc)
netgear ms60_firmware to 1.1.7.128 (exc)
netgear ms70_firmware to 1.0.3.28 (exc)
netgear ms80_firmware to 1.1.7.6 (exc)
netgear rax15_firmware *
netgear rax20_firmware *
netgear rax200_firmware *
netgear rax35v2_firmware to 1.0.11.112 (exc)
netgear rax38v2_firmware to 1.0.11.112 (exc)
netgear rax40v2_firmware to 1.0.11.112 (exc)
netgear rax42_firmware to 1.0.11.112 (exc)
netgear rax43_firmware to 1.0.11.112 (exc)
netgear rax45_firmware to 1.0.11.112 (exc)
netgear rax48_firmware to 1.0.11.112 (exc)
netgear rax50_firmware to 1.0.11.112 (exc)
netgear rax50s_firmware to 1.0.11.112 (exc)
netgear rax75_firmware *
netgear rax80_firmware *
netgear raxe450_firmware to 1.0.10.86 (exc)
netgear raxe500_firmware to 1.0.10.86 (exc)
netgear rbr750_firmware to 4.6.14.3 (exc)
netgear rbr840_firmware to 4.6.14.3 (exc)
netgear rbr850_firmware to 4.6.14.3 (exc)
netgear rbre960_firmware to 6.3.7.5 (exc)
netgear rbs750_firmware to 4.6.14.3 (exc)
netgear rbs840_firmware to 4.6.14.3 (exc)
netgear rbs850_firmware to 4.6.14.3 (exc)
netgear rbse960_firmware to 6.3.7.5 (exc)
netgear rs700_firmware to 1.0.7.66 (exc)
netgear xr1000_firmware to 1.0.0.68 (exc)

Exploitability

CWE
CWE ID Description
CWE-15 One or more system settings or configuration elements can be externally controlled by a user.
CWE-610 The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Executive Summary

This vulnerability involves insufficient configuration management in certain Netgear devices. It allows authenticated administrators who are connected to the local network to tamper with the system.

Impact Analysis

The impact of this vulnerability is that an authenticated administrator on the local network could modify system settings or configurations in an unauthorized manner, potentially leading to system instability, security weaknesses, or unauthorized changes.

Compliance Impact

The vulnerability involves insufficient configuration management that allows authenticated administrators on the local network to tamper with the system.

Such tampering could potentially lead to unauthorized changes or access to sensitive data, which may impact compliance with standards and regulations like GDPR and HIPAA that require strict controls over data integrity and access.

However, the provided information does not explicitly describe the direct impact on compliance with these regulations.
