CVE-2026-0410

Name: CVE-2026-0410
Creator: NVD / NIST
Published: 2026-06-09T17:16:58.227+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 1.9/10EPSS 0.22%

Last modified Jun 18, 2026

CVE-2026-0410 is a low-severity vulnerability rated 1.9/10 on the CVSS scale. Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.. EPSS estimates a 0.22% chance of exploitation in the next 30 days.

Description

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.

Metrics

CVSS 3.1

4.5/10

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CVSS 4.0

1.9/10

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:L/U:Amber

EPSS Probability

0.22%

12.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Netgear	R7000 Firmware	< 1.0.11.216
Netgear	Rax20 Firmware	< 1.0.18.144
Netgear	Rax35v2 Firmware	< 1.0.16.132
Netgear	Rax41 Firmware	< 1.0.16.132
Netgear	Rax41v2 Firmware	< 1.1.4.28
Netgear	Rax42 Firmware	< 1.0.16.132
Netgear	Rax42v2 Firmware	< 1.1.4.28
Netgear	Rax43 Firmware	< 1.0.16.132
Netgear	Rax43v2 Firmware	< 1.1.4.28
Netgear	Rax45 Firmware	< 1.0.16.132
Netgear	Rax49s Firmware	< 1.1.4.28
Netgear	Rax50 Firmware	< 1.0.16.132
Netgear	Rax50s Firmware	< 1.0.16.132
Netgear	Rax50v2 Firmware	< 1.1.4.28
Netgear	Rax54sv2 Firmware	< 1.1.4.28
Netgear	Raxe450 Firmware	< 1.2.14.114
Netgear	Raxe500 Firmware	< 1.2.14.114
Netgear	Xr1000 Firmware	< 1.1.0.22
Netgear	Xr1000v2 Firmware	< 1.1.0.22

References

Timeline

Published: Jun 9, 2026
Last Modified: Jun 18, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-0410?

Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality.

How severe is CVE-2026-0410?

CVE-2026-0410 has a CVSS score of 1.9/10 (LOW severity). The EPSS model estimates a 0.22% probability of exploitation in the next 30 days.

How do I fix CVE-2026-0410?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-0410?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST