CVE-2026-9212
MEDIUMInsufficient authentication and input validation in certain NETGEAR products
Title source: cnaDescription
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations.
References (24)
Core 24
Core References
Patch product
patch
https://www.netgear.com/support/product/lbr20/
Patch product
patch
https://www.netgear.com/support/product/lbr1020/
Patch product
patch
https://www.netgear.com/support/product/rax70/
Patch product
patch
https://www.netgear.com/support/product/rbr10/
Patch product
patch
https://www.netgear.com/support/product/rbr350/
Patch product
patch
https://www.netgear.com/support/product/rbr40/
Patch product
patch
https://www.netgear.com/support/product/rbr50/
Patch product
patch
https://www.netgear.com/support/product/rbs10/
Patch product
patch
https://www.netgear.com/support/product/rbs20/
Patch product
patch
https://www.netgear.com/support/product/rax36s/
Patch product
patch
https://www.netgear.com/support/product/rbr20/
Patch product
patch
https://www.netgear.com/support/product/rbs50/
Patch product
patch
https://www.netgear.com/support/product/rbs350/
Patch product
patch
https://www.netgear.com/support/product/xr500/
Patch product
patch
https://www.netgear.com/support/product/rbs40/
Patch product
patch
https://www.netgear.com/support/product/r6700ax/
Patch product
patch
https://www.netgear.com/support/product/r9000/
Patch product
patch
https://www.netgear.com/support/product/r7800/
Patch product
patch
https://www.netgear.com/support/product/rax10/
Patch product
patch
https://www.netgear.com/support/product/rax120/
Patch product
patch
https://www.netgear.com/support/product/rax78/
Patch product
patch
https://www.netgear.com/support/product/rax120v2/
Patch product
patch
https://www.netgear.com/support/product/xr450/
Vendor Advisory vendor-advisory
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Scores
CVSS v4
5.6
EPSS
0.0028
EPSS Percentile
19.2%
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
CWE-306
Status
published
Products (26)
NETGEAR/LBR1020
< V2.6.4.60
NETGEAR/LBR20
< V2.7.6.8
NETGEAR/R6700AX
NETGEAR/R6700AX
< 1.0.20.174
NETGEAR/R7800
< V1.0.4.96
NETGEAR/R9000
< V1.0.6.46
NETGEAR/RAX10
< V1.0.5.50
NETGEAR/RAX10v2
< V1.0.5.50
NETGEAR/RAX120
< V1.2.10.56
NETGEAR/RAX120v1
< V1.2.10.56
... and 16 more
Published
Jun 09, 2026
Tracked Since
Jun 09, 2026