CVE-2026-9212

Description

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations.

CVSS breakdown

CVSS 4.0

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

High

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

E

Unchanged

Affected products

NETGEAR / LBR10200 – V2.6.4.60
NETGEAR / LBR200 – V2.7.6.8
NETGEAR / R6700AX0 – *
NETGEAR / R78000 – V1.0.4.96
NETGEAR / R90000 – V1.0.6.46
NETGEAR / RAX100 – V1.0.5.50
NETGEAR / RAX10v20 – V1.0.5.50
NETGEAR / RAX1200 – V1.2.10.56
NETGEAR / RAX120v10 – V1.2.10.56
NETGEAR / RAX120v20 – V1.2.10.56
NETGEAR / RAX36S0 – V1.0.5.50
NETGEAR / RAX700 – V1.0.19.172
NETGEAR / RAX780 – V1.0.19.172
NETGEAR / RBR100 – 2.7.6.6
NETGEAR / RBR200 – 2.7.6.6
NETGEAR / RBR3500 – V4.4.2.1
NETGEAR / RBR400 – 2.7.6.6
NETGEAR / RBR500 – 2.7.6.6
NETGEAR / RBS100 – 2.7.6.6
NETGEAR / RBS200 – 2.7.6.6
NETGEAR / RBS3500 – V4.4.2.1
NETGEAR / RBS400 – 2.7.6.6
NETGEAR / RBS500 – 2.7.6.6
NETGEAR / XR4500 – V2.3.3.136
NETGEAR / XR5000 – v2.3.3.136

Description

CVSS breakdown

Affected products

References