NETGEAR Router Firmware: Authenticated Admin Input Validation Exploit
CVE-2026-9210 Published on June 9, 2026

Certain NETGEAR routers allow authenticated administrators to gain unintended control of the router
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Vendor Advisory NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2026-9210

Want to know whenever a new CVE is published for Netgear products? stack.watch will email you.

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Affected Versions

NETGEAR EX3700: NETGEAR EX3800: NETGEAR EX6120: NETGEAR EX6130: NETGEAR MR60: NETGEAR MR70: NETGEAR MR80: NETGEAR MS60: NETGEAR MS70: NETGEAR MS80: NETGEAR R6400v2: NETGEAR R6700v3: NETGEAR R6900P: NETGEAR R7000: NETGEAR R7000P: NETGEAR R7960P: NETGEAR R8000P: NETGEAR R8500: NETGEAR RAX20: NETGEAR RAX35v2: NETGEAR RAX40v2: NETGEAR RAX41: NETGEAR RAX42: NETGEAR RAX43: NETGEAR RAX45: NETGEAR RAX48: NETGEAR RAX50: NETGEAR RAX50S: NETGEAR RAXE450: NETGEAR RAXE500: NETGEAR XR1000:

Exploit Probability

EPSS
0.22%
Percentile
11.83%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.