CVE-2026-0419
Analyzed Analyzed - Analysis Complete

Command Injection in NETGEAR JR6150 Router

Publication date: 2026-06-09

Last updated on: 2026-06-18

Assigner: Netgear, Inc.

Description
Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands.Β NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are planned. NETGEARΒ strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-18
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-0419
EUVD
EUVD-2026-35454

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
netgear jr6150_firmware *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is due to insufficient input validation in the NETGEAR JR6150 AC750 WiFi Router. It allows users who are connected to the local WiFi network to execute operating system commands on the device.

The issue was identified through firmware emulation in a controlled research environment and has not been confirmed on actual production hardware.

The affected device model has reached its End-of-Support phase as of 2018, meaning no further security updates will be provided.

Impact Analysis

If exploited, this vulnerability could allow an attacker connected to the local WiFi network to execute arbitrary operating system commands on the affected router.

This could lead to unauthorized control over the device, potentially compromising the network security and the data passing through the router.

Since the device is no longer supported with security updates, the risk remains unmitigated unless the device is replaced.

Mitigation Strategies

NETGEAR strongly recommends replacing the affected JR6150 devices with newer NETGEAR models to ensure continued security support and updates.

Since the JR6150 has reached End-of-Support as of 2018 and no further security updates are planned, upgrading the hardware is the primary mitigation step.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0419. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart