{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0412", "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "state": "PUBLISHED", "assignerShortName": "NETGEAR", "dateReserved": "2025-12-03T04:16:19.215Z", "datePublished": "2026-06-09T15:50:45.590Z", "dateUpdated": "2026-06-09T15:50:45.590Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "shortName": "NETGEAR", "dateUpdated": "2026-06-09T15:50:45.590Z"}, "title": "Insufficient input validation vulnerability in NETGEAR JR6150 Web UI", "datePublic": "2026-06-09T07:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-20", "description": "CWE-20 Improper input validation", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "affected": [{"vendor": "NETGEAR", "product": "JR6150", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "1.0.1.26", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality.\u00a0NETGEAR\u00a0JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR\u00a0strongly recommends \nreplacing these devices with newer NETGEAR models to ensure continued \nsecurity support and updates.\n\n\n\nThis vulnerability has been identified through firmware emulation in a \ncontrolled research environment and has not been verified on production \nhardware.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality.&nbsp;NETGEAR&nbsp;JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR&nbsp;strongly recommends \nreplacing these devices with newer NETGEAR models to ensure continued \nsecurity support and updates.</p><p>This vulnerability has been identified through firmware emulation in a \ncontrolled research environment and has not been verified on production \nhardware.</p>"}]}], "references": [{"url": "https://www.netgear.com/support/product/jr6150"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "AMBER", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/V:D/U:Amber"}}], "solutions": [{"lang": "en", "value": "NETGEAR\u00a0JR6150\u00a0has reached End-of-Support phase, and no further security\n updates are planned. NETGEAR\u00a0strongly recommends replacing these \ndevices with newer NETGEAR models to ensure continued security support \nand updates.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>NETGEAR&nbsp;JR6150&nbsp;has reached End-of-Support phase, and no further security\n updates are planned. NETGEAR&nbsp;strongly recommends replacing these \ndevices with newer NETGEAR models to ensure continued security support \nand updates.</p>"}]}], "credits": [{"lang": "en", "value": "Security Research Center (SRC) @ Concordia University", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.3"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality.\u00a0NETGEAR\u00a0JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR\u00a0strongly recommends \nreplacing these devices with newer NETGEAR models to ensure continued \nsecurity support and updates.\n\n\n\nThis vulnerability has been identified through firmware emulation in a \ncontrolled research environment and has not been verified on production \nhardware."}], "id": "CVE-2026-0412", "lastModified": "2026-06-09T17:16:58.627", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}, "published": "2026-06-09T17:16:58.627", "references": [{"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/jr6150"}], "sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.0.1.26]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "JR6150", "source": "cna", "vendor": "NETGEAR"}, "product": "jr6150", "vendor": "netgear"}], "created": "2026-06-09T17:30:09.849323+00:00", "updated": "2026-06-09T17:30:10.524355+00:00", "vendors": ["netgear", "netgear$PRODUCT$jr6150"]}