CVE-2026-0417 - Vulnerability Details

Insufficient input validation vulnerability in NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Netgear	Mr60 Mr70 Mr80 Ms60 Ms70 Ms80 R6400v2 R6700v3 R6900p R7000 R7000p R7960p R8000p R8500 Rax20 Rax35v2 Rax40v2 Rax41 Rax42 Rax43 Rax45 Rax48 Rax50 Rax50s Raxe450 Raxe500 Xr1000

No data.

References

Link	Providers
https://www.netgear.com/support/product/mr60/
https://www.netgear.com/support/product/mr70/
https://www.netgear.com/support/product/mr80/
https://www.netgear.com/support/product/ms60/
https://www.netgear.com/support/product/ms70/
https://www.netgear.com/support/product/ms80/
https://www.netgear.com/support/product/r6400v2/
https://www.netgear.com/support/product/r6700v3/
https://www.netgear.com/support/product/r6900p/
https://www.netgear.com/support/product/r7000/
https://www.netgear.com/support/product/r7000p/
https://www.netgear.com/support/product/r7960p/
https://www.netgear.com/support/product/r8000p/
https://www.netgear.com/support/product/r8500/
https://www.netgear.com/support/product/rax20/
https://www.netgear.com/support/product/rax35v2/
https://www.netgear.com/support/product/rax40v2/
https://www.netgear.com/support/product/rax41/
https://www.netgear.com/support/product/rax42/
https://www.netgear.com/support/product/rax43/
https://www.netgear.com/support/product/rax45/
https://www.netgear.com/support/product/rax48/
https://www.netgear.com/support/product/rax50/
https://www.netgear.com/support/product/rax50s/
https://www.netgear.com/support/product/raxe450/
https://www.netgear.com/support/product/raxe500/
https://www.netgear.com/support/product/xr1000/

History

Tue, 09 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netgear Netgear mr60 Netgear mr70 Netgear mr80 Netgear ms60 Netgear ms70 Netgear ms80 Netgear r6400v2 Netgear r6700v3 Netgear r6900p Netgear r7000 Netgear r7000p Netgear r7960p Netgear r8000p Netgear r8500 Netgear rax20 Netgear rax35v2 Netgear rax40v2 Netgear rax41 Netgear rax42 Netgear rax43 Netgear rax45 Netgear rax48 Netgear rax50 Netgear rax50s Netgear raxe450 Netgear raxe500 Netgear xr1000
Vendors & Products		Netgear Netgear mr60 Netgear mr70 Netgear mr80 Netgear ms60 Netgear ms70 Netgear ms80 Netgear r6400v2 Netgear r6700v3 Netgear r6900p Netgear r7000 Netgear r7000p Netgear r7960p Netgear r8000p Netgear r8500 Netgear rax20 Netgear rax35v2 Netgear rax40v2 Netgear rax41 Netgear rax42 Netgear rax43 Netgear rax45 Netgear rax48 Netgear rax50 Netgear rax50s Netgear raxe450 Netgear raxe500 Netgear xr1000

Tue, 09 Jun 2026 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Jun 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		Insufficient input validation vulnerability in NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity.
Title		Insufficient input validation in certain NETGEAR routers
Weaknesses		CWE-20
References		https://www.netgear.com/support/product/mr60/ https://www.netgear.com/support/product/mr70/ https://www.netgear.com/support/product/mr80/ https://www.netgear.com/support/product/ms60/ https://www.netgear.com/support/product/ms70/ https://www.netgear.com/support/product/ms80/ https://www.netgear.com/support/product/r6400v2/ https://www.netgear.com/support/product/r6700v3/ https://www.netgear.com/support/product/r6900p/ https://www.netgear.com/support/product/r7000/ https://www.netgear.com/support/product/r7000p/ https://www.netgear.com/support/product/r7960p/ https://www.netgear.com/support/product/r8000p/ https://www.netgear.com/support/product/r8500/ https://www.netgear.com/support/product/rax20/ https://www.netgear.com/support/product/rax35v2/ https://www.netgear.com/support/product/rax40v2/ https://www.netgear.com/support/product/rax41/ https://www.netgear.com/support/product/rax42/ https://www.netgear.com/support/product/rax43/ https://www.netgear.com/support/product/rax45/ https://www.netgear.com/support/product/rax48/ https://www.netgear.com/support/product/rax50/ https://www.netgear.com/support/product/rax50s/ https://www.netgear.com/support/product/raxe450/ https://www.netgear.com/support/product/raxe500/ https://www.netgear.com/support/product/xr1000/
Metrics		cvssV4_0 `{'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}`

MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published: 2026-06-09T15:50:49.507Z

Updated: 2026-06-09T17:10:51.031Z

Reserved: 2025-12-03T04:16:24.254Z

Link: CVE-2026-0417

Vulnrichment

Updated: 2026-06-09T17:10:46.313Z

NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:16:59.450

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-0417

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object