NETGEAR Router Input Validation Flaw Allows Admin RCE (CVE-2026-0414)
CVE-2026-0414 Published on June 9, 2026
Insufficient Input Validation Allows Unauthorized Modification of Router Software in certain NETGEAR Routers
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Weakness Type
What is a Code Injection Vulnerability?
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2026-0414 has been classified to as a Code Injection vulnerability or weakness.
Products Associated with CVE-2026-0414
Want to know whenever a new CVE is published for Netgear Rbe970? stack.watch will email you.
Affected Versions
NETGEAR RBE970:- Before V9.12.4.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.