Netgear: 16 Medium-Severity Vulnerabilities Disclosed Together on June 9, 2026
Sixteen vulnerabilities affecting various Netgear router models were disclosed on June 9, 2026, primarily allowing local network attackers to execute commands or alter configurations.
Key findings
- Sixteen Netgear vulnerabilities disclosed on June 9, 2026, primarily affecting local network access.
- Most flaws are Medium severity, allowing command execution or configuration changes.
- CVE-2026-0419 and CVE-2026-0413 affect End-of-Support Netgear JR6150, with no planned patches.
- CVE-2026-0420 enables MiTM attacks via improper TLS certificate validation in ReadyCloud.
- CVE-2026-3088 allows unauthenticated users to cause denial-of-service.
- Orbi satellite-specific vulnerability CVE-2026-0411 could grant admin access.
On June 9, 2026, a batch of sixteen vulnerabilities impacting a range of Netgear consumer networking devices was disclosed, with all advisories published within minutes of each other. The majority of these flaws are rated as Medium severity and could allow authenticated or unauthenticated users on the local network to execute commands, modify router configurations, or disrupt service.
The disclosed vulnerabilities primarily stem from insufficient authentication, input validation, and configuration management. Several CVEs, including CVE-2026-9212, CVE-2026-9211, CVE-2026-9210, CVE-2026-0418, CVE-2026-0417, CVE-2026-0416, CVE-2026-0415, CVE-2026-0414, and CVE-2026-0413, highlight issues with input validation that could lead to unauthorized modifications of router software and functionality by authenticated administrators. Additionally, CVE-2026-9212 and CVE-2026-0411 suggest that unauthenticated local users could potentially execute commands or gain administrator access to Orbi satellites.
Specific to command execution, CVE-2026-0419 and CVE-2026-0413, affecting the Netgear JR6150 model, allow local users to execute operating system commands. Notably, the JR6150 reached its End-of-Support phase in 2018, meaning no further security updates are planned for this particular model, leaving it permanently vulnerable.
Denial-of-service is also a concern, with CVE-2026-3088 allowing unauthenticated local users to cause router unavailability through specially crafted requests. Another vulnerability, CVE-2026-0409, affects Netgear Orbi 370 series devices before version V12.1.2.7 and could allow an attacker capable of intercepting and tampering with traffic to run commands on the device during specific management actions.
Beyond local network threats, CVE-2026-0420 points to an improper implementation of TLS certificate validation in the ReadyCloud client app, potentially enabling man-in-the-middle (MiTM) attacks that impact confidentiality. This specific vulnerability affects listed Netgear models that utilize the ReadyCloud service.
While the majority of the disclosed vulnerabilities are rated Medium, CVE-2026-0410 is classified as Low severity. It allows authenticated administrators to gain elevated access and make unauthorized changes. The clustered disclosure of these sixteen vulnerabilities suggests a comprehensive internal review or a coordinated discovery effort by a security researcher or team.
Netgear has provided patches or firmware updates for many of the affected models. Users are strongly advised to consult Netgear's official advisories for specific model numbers and corresponding firmware versions. For devices like the JR6150 that are past their End-of-Support date, users may need to consider upgrading to a newer, supported model to ensure ongoing security.
The sheer volume of vulnerabilities disclosed simultaneously underscores the importance of regular firmware updates for network devices. While many of these flaws require local network access, the potential for command execution and configuration modification poses a significant risk to the integrity and confidentiality of home and small business networks. Users should prioritize applying available updates and reviewing their network security posture.