CVE-2026-0414: Insufficient Input Validation Allows Unauthorized Modification of Router Software in certain NETGEAR Routers
Published Jun 9, 2026
·Updated
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Affected Software
1 affected component
Netgear NETGEAR routers
Remediation
Information
NETGEAR strongly recommends that you install the latest firmware as soon as possible.
Issue fixed in:
ProductFixed VersionRBE970 Orbi Quad-band Mesh WiFi 7 Add-on Satellite V9.12.4.9 https://www.netgear.com/support/product/rbe970/
Event History
Jun 9, 2026
CVE Published
via MITRE·03:50 PM
Data Sourced
via MITRE·03:50 PM
RemedyDescriptionWeakness
Data Sourced
via NVD·05:16 PM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2026-0414?
The severity of CVE-2026-0414 is classified as medium with a CVSS score of 4.3.
2
How do I fix CVE-2026-0414?
To fix CVE-2026-0414, install the latest firmware version recommended by NETGEAR for your router model.
3
What are the consequences of CVE-2026-0414?
CVE-2026-0414 allows authenticated administrators to make unauthorized modifications to router software and functionality.
4
Which NETGEAR models are affected by CVE-2026-0414?
CVE-2026-0414 affects certain NETGEAR router models that have insufficient input validation.
5
What type of vulnerability is CVE-2026-0414?
CVE-2026-0414 is classified as a code injection vulnerability due to insufficient input validation.