Improper input validation in certain NETGEAR routers allows unauthorized modification of protected router functionality
Summary
| CVE | CVE-2026-0416 |
|---|---|
| State | PUBLISHED |
| Assigner | NETGEAR |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-09 17:16:59 UTC |
| Updated | 2026-06-18 13:53:17 UTC |
| Description | An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality. |
Risk And Classification
Primary CVSS: v4.0 4.3 MEDIUM from a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber
EPSS: 0.001800000 probability, percentile 0.075980000 (date 2026-06-22)
Problem Types: CWE-20 | NVD-CWE-noinfo | CWE-20 Improper input validation
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | a2826606-91e7-4eb6-899e-8484bd4575d5 | Secondary | 4.3 | MEDIUM | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/C... |
| 4.0 | CNA | CVSS | 4.3 | MEDIUM | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V... |
| 3.1 | [email protected] | Primary | 4.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Netgear | Raxe450 | - | All | All | All |
| Operating System | Netgear | Raxe450 Firmware | All | All | All | All |
| Hardware | Netgear | Raxe500 | - | All | All | All |
| Operating System | Netgear | Raxe500 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory | a2826606-91e7-4eb6-899e-8484bd4575d5 | kb.netgear.com | Vendor Advisory |
| www.netgear.com/support/product/raxe450 | a2826606-91e7-4eb6-899e-8484bd4575d5 | www.netgear.com | Product |
| www.netgear.com/support/product/raxe500 | a2826606-91e7-4eb6-899e-8484bd4575d5 | www.netgear.com | Product |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: fxc233 (en)
Additional Advisory Data
Solutions
CNA: Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest.

Fixed in:

| Product | Fixed Version |
|---|---|
| RAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router | V1.2.14.114 https://www.netgear.com/support/product/raxe450/ |
| RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router | V1.2.14.114 https://www.netgear.com/support/product/raxe500/ |