CVE-2026-9210
Analyzed Analyzed - Analysis Complete

Authenticated Admin Command Injection in NETGEAR Router Firmware

Publication date: 2026-06-09

Last updated on: 2026-06-18

Assigner: Netgear, Inc.

Description
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-09
Last Modified
2026-06-18
Generated
2026-06-30
AI Q&A
2026-06-09
EPSS Evaluated
2026-06-28
NVD
CVE-2026-9210
EUVD
EUVD-2026-35459

Affected Vendors & Products

Showing 31 associated CPEs
Vendor Product Version / Range
netgear ex3700_firmware to 1.0.0.100 (exc)
netgear ex3800_firmware to 1.0.0.100 (exc)
netgear ex6120_firmware to 1.0.0.72 (exc)
netgear ex6130_firmware to 1.0.0.54 (exc)
netgear mr60_firmware to 1.1.7.132 (exc)
netgear mr70_firmware to 1.0.3.28 (exc)
netgear mr80_firmware to 1.1.7.14 (exc)
netgear ms60_firmware to 1.1.7.132 (exc)
netgear ms70_firmware to 1.0.3.28 (exc)
netgear ms80_firmware to 1.1.7.14 (exc)
netgear r6400v2_firmware to 1.0.4.128 (exc)
netgear r6700v3_firmware to 1.0.4.128 (exc)
netgear r6900p_firmware to 1.3.3.152 (exc)
netgear r7000_firmware to 1.0.11.216 (exc)
netgear r7000p_firmware to 1.3.3.152 (exc)
netgear r7960p_firmware to 1.4.4.92 (exc)
netgear r8000p_firmware to 1.4.4.92 (exc)
netgear r8500_firmware *
netgear rax20_firmware to 1.0.18.144 (exc)
netgear rax35v2_firmware to 1.0.12.118 (exc)
netgear rax40v2_firmware to 1.0.12.118 (exc)
netgear rax41_firmware to 1.0.12.118 (exc)
netgear rax42_firmware to 1.0.12.118 (exc)
netgear rax43_firmware to 1.0.12.120 (exc)
netgear rax48_firmware to 1.0.12.118 (exc)
netgear rax50_firmware to 1.0.12.120 (exc)
netgear rax50s_firmware to 1.0.12.120 (exc)
netgear raxe450_firmware to 1.0.10.86 (exc)
netgear raxe500_firmware to 1.0.10.86 (exc)
netgear xr1000_firmware to 1.0.0.68 (exc)
netgear rax45_firmware to 1.0.12.118 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an insufficient input validation issue found in certain NETGEAR router models. It allows authenticated administrators who are connected to the local network to make unauthorized modifications to the router's software and functionality.

Impact Analysis

The vulnerability can impact you by enabling an authenticated administrator on the local network to alter the router's software and functionality without proper authorization. This could lead to unexpected behavior, potential security risks, or disruption of network services.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9210. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart