CVE-2026-9213
MEDIUMInsufficient input validation in certain NETGEAR routers
Title source: cnaDescription
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.
References (5)
Core 5
Core References
Patch product
patch
https://www.netgear.com/support/product/xr1000/
Patch product
patch
https://www.netgear.com/support/product/mr70/
Patch product
patch
https://www.netgear.com/support/product/ms70/
Patch product
patch
https://www.netgear.com/support/product/raxe500/
Vendor Advisory vendor-advisory
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Scores
CVSS v4
6.9
EPSS
0.0033
EPSS Percentile
24.7%
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (4)
NETGEAR/MR70
< V1.0.4.48
NETGEAR/MS70
< V1.0.4.48
NETGEAR/RAXE500
< V1.2.14.114
NETGEAR/XR1000
< V1.0.2.86
Published
Jun 09, 2026
Tracked Since
Jun 09, 2026