Insufficient Input Validation in NETGEAR Router Compromises Security
CVE-2026-0419
4.4MEDIUM
What is CVE-2026-0419?
The NETGEAR JR6150 AC750 WiFi Router is vulnerable due to insufficient input validation, allowing users connected to the local WiFi networks to execute operating system commands remotely. As the device reached its End-of-Support phase in 2018, no further security updates are available from NETGEAR, making it imperative for users to transition to newer models to mitigate potential security risks. This vulnerability was identified through firmware emulation in a controlled research environment, highlighting significant security concerns for users still utilizing this outdated routing hardware.
Affected Version(s)
JR6150 0 <= 1.0.1.26
References
CVSS V4
Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Security Research Center (SRC) @ Concordia University