CVE-2026-9213
6.9
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
Summary
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NETGEAR | MR70 | 0 < V1.0.4.48 | affected |
| NETGEAR | MS70 | 0 < V1.0.4.48 | affected |
| NETGEAR | RAXE500 | 0 < V1.2.14.114 | affected |
| NETGEAR | XR1000 | 0 < V1.0.2.86 | affected |
Weaknesses
- CWE-20: CWE-20 Insufficient input validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.netgear.com/support/product/mr70/
- https://www.netgear.com/support/product/ms70/
- https://www.netgear.com/support/product/raxe500/
- https://www.netgear.com/support/product/xr1000/
- https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.