CVE-2026-0416
MEDIUMRAXE450 and RAXE500 routers allow administrators to modify router functionality beyond intended limits
Title source: cnaDescription
An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.
References (3)
Core 3
Core References
Patch product
patch
https://www.netgear.com/support/product/raxe500/
Patch product
patch
https://www.netgear.com/support/product/raxe450/
Vendor Advisory vendor-advisory
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Scores
CVSS v4
4.3
EPSS
0.0019
EPSS Percentile
8.3%
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (2)
NETGEAR/RAXE450
V1.0.12.96 - V1.2.14.114
NETGEAR/RAXE500
V1.0.12.96 - V1.2.14.114
Published
Jun 09, 2026
Tracked Since
Jun 09, 2026