CVE-2026-9212

Analyzed Analyzed - Analysis Complete

Authentication Bypass and Command Injection in NETGEAR Routers

Publication date: 2026-06-09

Last updated on: 2026-06-18

Assigner: Netgear, Inc.

Description

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-18

Generated

2026-06-30

AI Q&A

2026-06-09

EPSS Evaluated

2026-06-28

NVD

CVE-2026-9212

EUVD

EUVD-2026-35466

Affected Vendors & Products

Vendor	Product	Version / Range
netgear	lbr1020_firmware	to 2.6.4.60 (exc)
netgear	lbr20_firmware	to 2.7.6.8 (exc)
netgear	r6700ax_firmware	*
netgear	r7800_firmware	to 1.0.4.96 (exc)
netgear	r9000_firmware	to 1.0.6.46 (exc)
netgear	rax10_firmware	to 1.0.5.50 (exc)
netgear	rax120_firmware	to 1.2.10.56 (exc)
netgear	rax36s_firmware	to 1.0.5.50 (exc)
netgear	rax70_firmware	to 1.0.19.172 (exc)
netgear	rax78_firmware	to 1.0.19.172 (exc)
netgear	rbr10_firmware	*
netgear	rbr20_firmware	*
netgear	rbr350_firmware	to 4.4.2.1 (exc)
netgear	rbr40_firmware	*
netgear	rbr50_firmware	*
netgear	rbs10_firmware	*
netgear	rbs20_firmware	*
netgear	rbs350_firmware	to 4.4.2.1 (exc)
netgear	rbs40_firmware	*
netgear	rbs50_firmware	*
netgear	xr450_firmware	to 2.3.3.136 (exc)
netgear	xr500_firmware	to 2.3.3.136 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-20	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-306	The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

Executive Summary

This vulnerability involves insufficient authentication and input validation in certain NETGEAR models. It allows users who are connected to the local network to execute commands that can affect the confidentiality of the product or change some of its configurations.

Impact Analysis

The vulnerability can impact you by allowing unauthorized users on your local network to execute commands that may compromise the confidentiality of your device or alter its configurations. This could lead to unauthorized access to sensitive information or changes in device behavior that may affect network security.

Compliance Impact

The vulnerability involves insufficient authentication and input validation allowing local network users to execute commands that impact the product's confidentiality or change configurations.

Such a vulnerability could potentially affect compliance with standards and regulations like GDPR or HIPAA, which require protection of confidentiality and integrity of data and systems.

However, the provided information does not explicitly describe the impact on compliance with these or other common standards and regulations.

Mitigation Strategies

The CVE description indicates that the vulnerability is due to insufficient authentication and input validation on certain NETGEAR models allowing local network users to execute commands or change configurations.

However, no specific mitigation steps or firmware updates are provided in the available resources or context for this CVE.

As a general best practice, to mitigate such vulnerabilities, you should restrict local network access to the affected devices, ensure strong authentication mechanisms are in place, and monitor for unusual activity.

Hi! I’m here to help you understand CVE-2026-9212. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70