NETGEAR Router Local Network Auth Bypass & Command Exec
CVE-2026-9212 Published on June 9, 2026
Insufficient authentication and input validation in certain NETGEAR products
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain configurations.
Weakness Types
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Versions
NETGEAR LBR1020:- Before V2.6.4.60 is affected.
- Before V2.7.6.8 is affected.
- Before and including 1.0.20.174 is affected.
- Before V1.0.4.96 is affected.
- Before V1.0.6.46 is affected.
- Before V1.0.5.50 is affected.
- Before V1.0.5.50 is affected.
- Before V1.2.10.56 is affected.
- Before V1.2.10.56 is affected.
- Before V1.2.10.56 is affected.
- Before V1.0.5.50 is affected.
- Before V1.0.19.172 is affected.
- Before V1.0.19.172 is affected.
- Before and including 2.7.6.6 is affected.
- Before and including 2.7.6.6 is affected.
- Before V4.4.2.1 is affected.
- Before and including 2.7.6.6 is affected.
- Before and including 2.7.6.6 is affected.
- Before and including 2.7.6.6 is affected.
- Before and including 2.7.6.6 is affected.
- Before V4.4.2.1 is affected.
- Before and including 2.7.6.6 is affected.
- Before and including 2.7.6.6 is affected.
- Before V2.3.3.136 is affected.
- Before v2.3.3.136 is affected.