CVE-2026-0414 | THREATINT

Description

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

PUBLISHED Reserved 2025-12-03 | Published 2026-06-09 | Updated 2026-06-10 | Assigner NETGEAR

MEDIUM: 4.3CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-94: Improper Control of Generation of Code ('Code Injection')

Product status

Default status

unaffected

Any version before V9.12.4.9

affected

References

www.netgear.com/support/product/rbe970/ product patch

kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory vendor-advisory

cve.org (CVE-2026-0414)

nvd.nist.gov (CVE-2026-0414)

Download JSON