Insufficient Input Validation in NETGEAR Router Compromises Security
CVE-2026-0419

4.4MEDIUM

Key Information:

Vendor

Netgear

Status
Vendor
CVE Published:
9 June 2026

What is CVE-2026-0419?

The NETGEAR JR6150 AC750 WiFi Router is vulnerable due to insufficient input validation, allowing users connected to the local WiFi networks to execute operating system commands remotely. As the device reached its End-of-Support phase in 2018, no further security updates are available from NETGEAR, making it imperative for users to transition to newer models to mitigate potential security risks. This vulnerability was identified through firmware emulation in a controlled research environment, highlighting significant security concerns for users still utilizing this outdated routing hardware.

Affected Version(s)

JR6150 0 <= 1.0.1.26

References

CVSS V4

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Security Research Center (SRC) @ Concordia University
.