CVE-2026-9210

Summary

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Affected Software

VendorProductVersion RangeStatus
NETGEAREX37000 < V1.0.0.100affected
NETGEAREX38000 < V1.0.0.100affected
NETGEAREX61200 < V1.0.0.72affected
NETGEAREX61300 < V1.0.0.54affected
NETGEARMR600 < V1.1.7.132affected
NETGEARMR700 < V1.0.3.28affected
NETGEARMR800 < V1.1.7.14affected
NETGEARMS600 < V1.1.7.132affected
NETGEARMS700 < V1.0.3.28affected
NETGEARMS800 < V1.1.7.14affected
NETGEARR6400v20 < V1.0.4.128affected
NETGEARR6700v30 < V1.0.4.128affected
NETGEARR6900P0 < V1.3.3.152affected
NETGEARR70000 < V1.0.11.216affected
NETGEARR7000P0 < V1.3.3.152affected
NETGEARR7960P0 < V1.4.4.92affected
NETGEARR8000P0 < V1.4.4.92affected
NETGEARR85000 <= 1.0.2.160affected
NETGEARRAX200 < V1.0.18.144affected
NETGEARRAX35v20 < V1.0.12.118affected
NETGEARRAX40v20 < V1.0.12.118affected
NETGEARRAX410 < V1.0.12.118affected
NETGEARRAX420 < V1.0.12.118affected
NETGEARRAX430 < V1.0.12.120affected
NETGEARRAX450 < V1.0.12.118affected
NETGEARRAX480 < V1.0.12.118affected
NETGEARRAX500 < V1.0.12.120affected
NETGEARRAX50S0 < V1.0.12.120affected
NETGEARRAXE4500 < V1.0.10.86affected
NETGEARRAXE5000 < V1.0.10.86affected
NETGEARXR10000 < V1.0.0.68affected

Weaknesses

  • CWE-20: CWE-20 Improper input validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References