CVE-2026-0417 - Vulnerability Details

Insufficient input validation vulnerability in the listed NETGEAR devices allows
authenticated administrators connected to the local network to tamper with
the router's integrity.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00052.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NETGEAR

MR60

unaffected

Version	Status	Constraints
`0`	affected	< V1.1.7.132

NETGEAR

MR70

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.3.28

NETGEAR

MR80

unaffected

Version	Status	Constraints
`0`	affected	< V1.1.7.14

NETGEAR

MS60

unaffected

Version	Status	Constraints
`0`	affected	< V1.1.7.132

NETGEAR

MS70

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.3.28

NETGEAR

MS80

unaffected

Version	Status	Constraints
`0`	affected	< V1.1.7.14

NETGEAR

R6400v2

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.4.128

NETGEAR

R6700v3

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.4.128

NETGEAR

R6900P

unaffected

Version	Status	Constraints
`0`	affected	< V1.3.3.152

NETGEAR

R7000

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.11.216

NETGEAR

R7000P

unaffected

Version	Status	Constraints
`0`	affected	< V1.3.3.152

NETGEAR

R7960P

unaffected

Version	Status	Constraints
`0`	affected	< V1.4.4.92

NETGEAR

R8000P

unaffected

Version	Status	Constraints
`0`	affected	< V1.4.4.92

NETGEAR

R8500

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.0.2.160

NETGEAR

RAX20

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.18.144

NETGEAR

RAX35v2

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.16.132

NETGEAR

RAX40v2

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.12.118

NETGEAR

RAX41

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.12.118

NETGEAR

RAX42

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.12.118

NETGEAR

RAX43

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.12.120

NETGEAR

RAX45

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.12.118

NETGEAR

RAX48

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.12.118

NETGEAR

RAX50

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.12.120

NETGEAR

RAX50S

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.12.120

NETGEAR

RAXE450

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.10.86

NETGEAR

RAXE500

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.10.86

NETGEAR

XR1000

unaffected

Version	Status	Constraints
`0`	affected	< V1.0.0.68

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Netgear Subscribe	Mr60 Subscribe Mr70 Subscribe Mr80 Subscribe Ms60 Subscribe Ms70 Subscribe Ms80 Subscribe R6400v2 Subscribe R6700v3 Subscribe R6900p Subscribe R7000 Subscribe R7000p Subscribe R7960p Subscribe R8000p Subscribe R8500 Subscribe Rax20 Subscribe Rax35v2 Subscribe Rax40v2 Subscribe Rax41 Subscribe Rax42 Subscribe Rax43 Subscribe Rax45 Subscribe Rax48 Subscribe Rax50 Subscribe Rax50s Subscribe Raxe450 Subscribe Raxe500 Subscribe Xr1000 Subscribe

Project Subscriptions

Vendors	Products
Netgear Subscribe	Mr60 Subscribe Mr70 Subscribe Mr80 Subscribe Ms60 Subscribe Ms70 Subscribe Ms80 Subscribe R6400v2 Subscribe R6700v3 Subscribe R6900p Subscribe R7000 Subscribe R7000p Subscribe R7960p Subscribe R8000p Subscribe R8500 Subscribe Rax20 Subscribe Rax35v2 Subscribe Rax40v2 Subscribe Rax41 Subscribe Rax42 Subscribe Rax43 Subscribe Rax45 Subscribe Rax48 Subscribe Rax50 Subscribe Rax50s Subscribe Raxe450 Subscribe Raxe500 Subscribe Xr1000 Subscribe

Advisories

No advisories yet.

Fixes

Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionMR60 Nighthawk Mesh WiFi 6 Router V1.1.7.132 https://www.netgear.com/support/product/mr60/ MR70 Nighthawk Mesh WiFi 6 Router V1.0.3.28 https://www.netgear.com/support/product/mr70/ MR80 Nighthawk Tri-band Mesh WiFi 6 Router V1.1.7.14 https://www.netgear.com/support/product/mr80/ MS60 Nighthawk Mesh WiFi 6 Add-on Satellite V1.1.7.132 https://www.netgear.com/support/product/ms60/ MS70 Nighthawk Mesh WiFi 6 Add-on Satellite V1.0.3.28 https://www.netgear.com/support/product/ms70/ MS80 Nighthawk Tri-band Mesh WiFi 6 Add-on Satellite V1.1.7.14 https://www.netgear.com/support/product/ms80/ R6400v2 (EoS) AC1750 Smart WiFi Router 802.11ac Dual Band Gigabit V1.0.4.128 https://www.netgear.com/support/product/r6400v2/ R6700v3 (EoS) Nighthawk AC1750 Smart WiFi Dual Band Gigabit Router V1.0.4.128 https://www.netgear.com/support/product/r6700v3/ R6900P (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r6900p/ R7000 (EoS) Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router V1.0.11.216 https://www.netgear.com/support/product/r7000/ R7000P (EoS) Nighthawk AC2300 Smart WiFi Dual Band Gigabit Router V1.3.3.152 https://www.netgear.com/support/product/r7000p/ R7960P (EoS) Nighthawk X6S AC3600 Tri-Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r7960p/ R8000P (EoS) Nighthawk X6S AC4000 Tri Band WiFi Router V1.4.4.92 https://www.netgear.com/support/product/r8000p/ R8500 (EoS) Nighthawk X8 AC5300 Smart WiFi RouterEOSRAX20 (EoS) 4-Stream AX1800 WiFi 6 Router V1.0.18.144 https://www.netgear.com/support/product/rax20/ RAX35v2 Nighthawk AX4 4-Stream AX3000 WiFi 6 RouterV1.0.16.132RAX40v2 Nighthawk AX4 4-Stream WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax40v2/ RAX41 (EoS) Nighthawk AX5 5-Stream AX3600 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax41/ RAX42 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax42/ RAX43 (EoS) Nighthawk AX5 5-Stream AX4200 WiFi Router V1.0.12.120 https://www.netgear.com/support/product/rax43/ RAX45 (EoS) Nighthawk AX6 6-Stream AX4300 WiFi Router V1.0.12.118 https://www.netgear.com/support/product/rax45/ RAX48 Nighthawk AX6 6-Stream AX5200 WiFi 6 Router V1.0.12.118 https://www.netgear.com/support/product/rax48/ RAX50 Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50/ RAX50S Nighthawk AX6 6-Stream AX5400 WiFi 6 Router V1.0.12.120 https://www.netgear.com/support/product/rax50s/ RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.0.10.86 https://www.netgear.com/support/product/raxe500/ XR1000 Nighthawk WiFi 6 Pro Gaming Router V1.0.0.68 https://www.netgear.com/support/product/xr1000/ Models marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
https://www.netgear.com/support/product/mr60/
https://www.netgear.com/support/product/mr70/
https://www.netgear.com/support/product/mr80/
https://www.netgear.com/support/product/ms60/
https://www.netgear.com/support/product/ms70/
https://www.netgear.com/support/product/ms80/
https://www.netgear.com/support/product/r6400v2/
https://www.netgear.com/support/product/r6700v3/
https://www.netgear.com/support/product/r6900p/
https://www.netgear.com/support/product/r7000/
https://www.netgear.com/support/product/r7000p/
https://www.netgear.com/support/product/r7960p/
https://www.netgear.com/support/product/r8000p/
https://www.netgear.com/support/product/r8500/
https://www.netgear.com/support/product/rax20/
https://www.netgear.com/support/product/rax35v2/
https://www.netgear.com/support/product/rax40v2/
https://www.netgear.com/support/product/rax41/
https://www.netgear.com/support/product/rax42/
https://www.netgear.com/support/product/rax43/
https://www.netgear.com/support/product/rax45/
https://www.netgear.com/support/product/rax48/
https://www.netgear.com/support/product/rax50/
https://www.netgear.com/support/product/rax50s/
https://www.netgear.com/support/product/raxe450/
https://www.netgear.com/support/product/raxe500/
https://www.netgear.com/support/product/xr1000/

History

Wed, 10 Jun 2026 16:00:00 +0000

Type	Values Removed	Values Added
Description	Insufficient input validation vulnerability in NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.	Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.
References		https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory

Tue, 09 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netgear Netgear mr60 Netgear mr70 Netgear mr80 Netgear ms60 Netgear ms70 Netgear ms80 Netgear r6400v2 Netgear r6700v3 Netgear r6900p Netgear r7000 Netgear r7000p Netgear r7960p Netgear r8000p Netgear r8500 Netgear rax20 Netgear rax35v2 Netgear rax40v2 Netgear rax41 Netgear rax42 Netgear rax43 Netgear rax45 Netgear rax48 Netgear rax50 Netgear rax50s Netgear raxe450 Netgear raxe500 Netgear xr1000
Vendors & Products		Netgear Netgear mr60 Netgear mr70 Netgear mr80 Netgear ms60 Netgear ms70 Netgear ms80 Netgear r6400v2 Netgear r6700v3 Netgear r6900p Netgear r7000 Netgear r7000p Netgear r7960p Netgear r8000p Netgear r8500 Netgear rax20 Netgear rax35v2 Netgear rax40v2 Netgear rax41 Netgear rax42 Netgear rax43 Netgear rax45 Netgear rax48 Netgear rax50 Netgear rax50s Netgear raxe450 Netgear raxe500 Netgear xr1000

Tue, 09 Jun 2026 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Jun 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		Insufficient input validation vulnerability in NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.
Title		Insufficient input validation in certain NETGEAR routers
Weaknesses		CWE-20
References		https://www.netgear.com/support/product/mr60/ https://www.netgear.com/support/product/mr70/ https://www.netgear.com/support/product/mr80/ https://www.netgear.com/support/product/ms60/ https://www.netgear.com/support/product/ms70/ https://www.netgear.com/support/product/ms80/ https://www.netgear.com/support/product/r6400v2/ https://www.netgear.com/support/product/r6700v3/ https://www.netgear.com/support/product/r6900p/ https://www.netgear.com/support/product/r7000/ https://www.netgear.com/support/product/r7000p/ https://www.netgear.com/support/product/r7960p/ https://www.netgear.com/support/product/r8000p/ https://www.netgear.com/support/product/r8500/ https://www.netgear.com/support/product/rax20/ https://www.netgear.com/support/product/rax35v2/ https://www.netgear.com/support/product/rax40v2/ https://www.netgear.com/support/product/rax41/ https://www.netgear.com/support/product/rax42/ https://www.netgear.com/support/product/rax43/ https://www.netgear.com/support/product/rax45/ https://www.netgear.com/support/product/rax48/ https://www.netgear.com/support/product/rax50/ https://www.netgear.com/support/product/rax50s/ https://www.netgear.com/support/product/raxe450/ https://www.netgear.com/support/product/raxe500/ https://www.netgear.com/support/product/xr1000/
Metrics		cvssV4_0 `{'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published: 2026-06-09T15:50:49.507Z

Updated: 2026-06-10T15:49:33.259Z

Reserved: 2025-12-03T04:16:24.254Z

Link: CVE-2026-0417

Vulnrichment

Updated: 2026-06-09T17:10:46.313Z

NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:16:59.450

Modified: 2026-06-10T16:16:55.950

Link: CVE-2026-0417

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T18:45:22Z

Weaknesses

CWE-20

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object