CVE-2026-9210

Description

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

CVSS breakdown

CVSS 4.0

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

None

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

E

Unchanged

V

D

RE

Low

U

Amber

Affected products

NETGEAR / EX37000 – V1.0.0.100
NETGEAR / EX38000 – V1.0.0.100
NETGEAR / EX61200 – V1.0.0.72
NETGEAR / EX61300 – V1.0.0.54
NETGEAR / MR600 – V1.1.7.132
NETGEAR / MR700 – V1.0.3.28
NETGEAR / MR800 – V1.1.7.14
NETGEAR / MS600 – V1.1.7.132
NETGEAR / MS700 – V1.0.3.28
NETGEAR / MS800 – V1.1.7.14
NETGEAR / R6400v20 – V1.0.4.128
NETGEAR / R6700v30 – V1.0.4.128
NETGEAR / R6900P0 – V1.3.3.152
NETGEAR / R70000 – V1.0.11.216
NETGEAR / R7000P0 – V1.3.3.152
NETGEAR / R7960P0 – V1.4.4.92
NETGEAR / R8000P0 – V1.4.4.92
NETGEAR / R85000 – 1.0.2.160
NETGEAR / RAX200 – V1.0.18.144
NETGEAR / RAX35v20 – V1.0.12.118
NETGEAR / RAX40v20 – V1.0.12.118
NETGEAR / RAX410 – V1.0.12.118
NETGEAR / RAX420 – V1.0.12.118
NETGEAR / RAX430 – V1.0.12.120
NETGEAR / RAX450 – V1.0.12.118
NETGEAR / RAX480 – V1.0.12.118
NETGEAR / RAX500 – V1.0.12.120
NETGEAR / RAX50S0 – V1.0.12.120
NETGEAR / RAXE4500 – V1.0.10.86
NETGEAR / RAXE5000 – V1.0.10.86
NETGEAR / XR10000 – V1.0.0.68

Description

CVSS breakdown

Affected products

References