彙總 NETGEAR 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 路徑處理缺陷與輸入驗證問題 等問題,部分漏洞可能導致 檔案覆寫,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-9213 | A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 6.9 | 0.40% | 2026-06-09 | 2026-06-18 |
| CVE-2026-9212 | Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 5.6 | 0.28% | 2026-06-09 | 2026-06-18 |
| CVE-2026-9211 | An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 5.2 | 0.21% | 2026-06-09 | 2026-06-18 |
| CVE-2026-9210 | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.9 | 0.22% | 2026-06-09 | 2026-06-18 |
| CVE-2026-3088 | Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.9 | 0.36% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0420 | An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.6 | 0.14% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0419 | Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are planned. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emul | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.4 | 0.31% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0418 | Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.3 | 0.24% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0417 | Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.3 | 0.23% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0416 | An insufficient input validation vulnerability in certain NETGEAR router models as listed allows an authenticated administrator with local network access to submit crafted input that bypasses intended management interface restrictions, resulting in unauthorized modification of protected router software or functionality. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.3 | 0.19% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0415 | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.3 | 0.23% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0414 | Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.3 | 0.19% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0413 | A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.3 | 0.34% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0412 | Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.3 | 0.16% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0411 | An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.2 | 0.28% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0410 | Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 1.9 | 0.24% | 2026-06-09 | 2026-06-18 |
| CVE-2026-0409 | A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.8 | 0.28% | 2026-06-09 | 2026-06-18 |
| CVE-2022-40620 | FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 b | [email protected] | 7.7 | 0.27% | 2026-01-28 | 2026-06-17 |
| CVE-2022-40619 | FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2. | [email protected] | 7.7 | 2.23% | 2026-01-28 | 2026-06-17 |
| CVE-2026-0408 | A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI. | a2826606-91e7-4eb6-899e-8484bd4575d5 | 6.1 | 0.23% | 2026-01-13 | 2026-06-17 |