{"api_version":"1","generated_at":"2026-06-23T19:50:55+00:00","cve":"CVE-2026-0416","urls":{"html":"https://cve.report/CVE-2026-0416","api":"https://cve.report/api/cve/CVE-2026-0416.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-0416","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-0416"},"summary":{"title":"Improper input validation in certain NETGEAR routers allows unauthorized modification of protected router functionality","description":"An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.","state":"PUBLISHED","assigner":"NETGEAR","published_at":"2026-06-09 17:16:59","updated_at":"2026-06-18 13:53:17"},"problem_types":["CWE-20","NVD-CWE-noinfo","CWE-20 CWE-20 Improper input validation"],"metrics":[{"version":"4.0","source":"a2826606-91e7-4eb6-899e-8484bd4575d5","type":"Secondary","score":"4.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"4.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":4.3,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"HIGH","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"LOW"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"4.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}}],"references":[{"url":"https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory","name":"https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory","refsource":"a2826606-91e7-4eb6-899e-8484bd4575d5","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.netgear.com/support/product/raxe450/","name":"https://www.netgear.com/support/product/raxe450/","refsource":"a2826606-91e7-4eb6-899e-8484bd4575d5","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.netgear.com/support/product/raxe500/","name":"https://www.netgear.com/support/product/raxe500/","refsource":"a2826606-91e7-4eb6-899e-8484bd4575d5","tags":["Product"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-0416","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-0416","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"NETGEAR","product":"RAXE450","version":"affected V1.0.12.96 V1.2.14.114 custom","platforms":[]},{"source":"CNA","vendor":"NETGEAR","product":"RAXE500","version":"affected V1.0.12.96 V1.2.14.114 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionRAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe500/","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"fxc233","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"416","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netgear","cpe5":"raxe450","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"416","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netgear","cpe5":"raxe450_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"416","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"netgear","cpe5":"raxe500","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"416","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netgear","cpe5":"raxe500_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"416","cve":"CVE-2026-0416","epss":"0.001800000","percentile":"0.075980000","score_date":"2026-06-22","updated_at":"2026-06-23 00:09:28"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-0416","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-09T17:35:04.463131Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-09T18:39:50.259Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"RAXE450","vendor":"NETGEAR","versions":[{"lessThan":"V1.2.14.114","status":"affected","version":"V1.0.12.96","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RAXE500","vendor":"NETGEAR","versions":[{"lessThan":"V1.2.14.114","status":"affected","version":"V1.0.12.96","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"fxc233"}],"datePublic":"2026-06-09T00:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.</p>"}],"value":"An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality."}],"impacts":[{"capecId":"CAPEC-122","descriptions":[{"lang":"en","value":"CAPEC-122 Privilege Abuse"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":4.3,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"HIGH","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"LOW"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper input validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-11T06:02:54.919Z","orgId":"a2826606-91e7-4eb6-899e-8484bd4575d5","shortName":"NETGEAR"},"references":[{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/raxe500/"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/raxe450/"},{"tags":["vendor-advisory"],"url":"https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:</p><table><thead><tr><th>Product</th><th>Fixed Version</th></tr></thead><tbody><tr><td><b>RAXE450</b> Nighthawk AXE10000 Tri-Band WiFi 6E Router</td><td><a href=\"https://www.netgear.com/support/product/raxe450/\">V1.2.14.114</a></td></tr><tr><td><b>RAXE500</b> Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router</td><td><a href=\"https://www.netgear.com/support/product/raxe500/\">V1.2.14.114</a></td></tr></tbody></table>"}],"value":"Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionRAXE450 Nighthawk AXE10000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe450/ RAXE500 Nighthawk AX12 12-Stream AXE11000 Tri-Band WiFi 6E Router V1.2.14.114 https://www.netgear.com/support/product/raxe500/"}],"source":{"discovery":"EXTERNAL"},"title":"Improper input validation in certain NETGEAR routers allows unauthorized modification of protected router functionality","x_generator":{"engine":"Vulnogram 1.0.3"}}},"cveMetadata":{"assignerOrgId":"a2826606-91e7-4eb6-899e-8484bd4575d5","assignerShortName":"NETGEAR","cveId":"CVE-2026-0416","datePublished":"2026-06-09T15:50:47.870Z","dateReserved":"2025-12-03T04:16:23.205Z","dateUpdated":"2026-06-11T06:02:54.919Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-09 17:16:59","lastModifiedDate":"2026-06-18 13:53:17","problem_types":["CWE-20","NVD-CWE-noinfo","CWE-20 CWE-20 Improper input validation"],"metrics":{"cvssMetricV40":[{"source":"a2826606-91e7-4eb6-899e-8484bd4575d5","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"AMBER"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-09T17:35:04.463131Z","id":"CVE-2026-0416","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:raxe450_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.14.114","matchCriteriaId":"907573F6-73D1-4E0D-8068-B9CA3A00A010"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:raxe450:-:*:*:*:*:*:*:*","matchCriteriaId":"67D7EC2C-E443-4749-854E-5BC057CA6B06"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:raxe500_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.14.114","matchCriteriaId":"B75B005E-469A-4AB4-A0F5-D0067D66FFA3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:raxe500:-:*:*:*:*:*:*:*","matchCriteriaId":"6D23ADF0-05B4-4163-9666-3F470FB19E01"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"416","Ordinal":"1","Title":"Improper input validation in certain NETGEAR routers allows unau","CVE":"CVE-2026-0416","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"416","Ordinal":"1","NoteData":"An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality.","Type":"Description","Title":"Improper input validation in certain NETGEAR routers allows unau"}]}}}