CVE-2026-9212

Summary

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations.

Affected Software

VendorProductVersion RangeStatus
NETGEARLBR10200 < V2.6.4.60affected
NETGEARLBR200 < V2.7.6.8affected
NETGEARR6700AX0 <= *affected
NETGEARR78000 < V1.0.4.96affected
NETGEARR90000 < V1.0.6.46affected
NETGEARRAX100 < V1.0.5.50affected
NETGEARRAX10v20 < V1.0.5.50affected
NETGEARRAX1200 < V1.2.10.56affected
NETGEARRAX120v10 < V1.2.10.56affected
NETGEARRAX120v20 < V1.2.10.56affected
NETGEARRAX36S0 < V1.0.5.50affected
NETGEARRAX700 < V1.0.19.172affected
NETGEARRAX780 < V1.0.19.172affected
NETGEARRBR100 <= 2.7.6.6affected
NETGEARRBR200 <= 2.7.6.6affected
NETGEARRBR3500 < V4.4.2.1affected
NETGEARRBR400 <= 2.7.6.6affected
NETGEARRBR500 <= 2.7.6.6affected
NETGEARRBS100 <= 2.7.6.6affected
NETGEARRBS200 <= 2.7.6.6affected
NETGEARRBS3500 < V4.4.2.1affected
NETGEARRBS400 <= 2.7.6.6affected
NETGEARRBS500 <= 2.7.6.6affected
NETGEARXR4500 < V2.3.3.136affected
NETGEARXR5000 < v2.3.3.136affected

Weaknesses

  • CWE-306: CWE-306 Missing authentication for critical function
  • CWE-20: CWE-20 Improper input validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References