CVE-2026-0412: CWE-20 Improper input validation in NETGEAR JR6150
Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-0412) involves improper input validation (CWE-20) in the NETGEAR JR6150 router, enabling local network administrators to modify router software and functionality without proper authorization. The device is out of support since 2018, and no official patches or fixes are available. The issue was discovered via firmware emulation and lacks verification on actual hardware. The CVSS 4.3 score reflects a medium severity with attack vector limited to adjacent network and requiring high privileges.
Potential Impact
An attacker with administrator access on the local network could exploit this vulnerability to make unauthorized changes to the router's software and functionality. Since the device is no longer supported or patched, these unauthorized modifications could persist, potentially compromising network security or stability. However, the vulnerability has not been observed in the wild and remains unconfirmed on production devices.
Mitigation Recommendations
No official patch or remediation is available as the device reached End-of-Support in 2018. NETGEAR strongly recommends replacing the affected JR6150 devices with newer models that continue to receive security updates and support. Users should consider device replacement as the primary mitigation.
CVE-2026-0412: CWE-20 Improper input validation in NETGEAR JR6150
Description
Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in 2018 and is no longer receiving security updates. NETGEAR strongly recommends replacing these devices with newer NETGEAR models to ensure continued security support and updates. This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware.
CVSS v4.0
Score 4.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-0412) involves improper input validation (CWE-20) in the NETGEAR JR6150 router, enabling local network administrators to modify router software and functionality without proper authorization. The device is out of support since 2018, and no official patches or fixes are available. The issue was discovered via firmware emulation and lacks verification on actual hardware. The CVSS 4.3 score reflects a medium severity with attack vector limited to adjacent network and requiring high privileges.
Potential Impact
An attacker with administrator access on the local network could exploit this vulnerability to make unauthorized changes to the router's software and functionality. Since the device is no longer supported or patched, these unauthorized modifications could persist, potentially compromising network security or stability. However, the vulnerability has not been observed in the wild and remains unconfirmed on production devices.
Mitigation Recommendations
No official patch or remediation is available as the device reached End-of-Support in 2018. NETGEAR strongly recommends replacing the affected JR6150 devices with newer models that continue to receive security updates and support. Users should consider device replacement as the primary mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- NETGEAR
- Date Reserved
- 2025-12-03T04:16:19.215Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a283e948dd33fbd8553f0f7
Added to database: 6/9/2026, 4:25:56 PM
Last enriched: 6/9/2026, 4:55:50 PM
Last updated: 6/10/2026, 4:56:56 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.