NETGEAR R6260 and R6850 Improper Input Validation Vulnerability Allowing Command Execution

Vulnerability

A vulnerability allowing command execution has been identified in the NETGEAR R6260 and R6850 routers, in firmware versions through 1.1.0.86. The issue arises from improper input validation: an unauthenticated attacker on the local area network can conduct a man-in-the-middle attack and manipulate the device's DNS settings, ultimately leading to unauthorized command execution.

Impact

Exploitation of this vulnerability allows for unauthorized command execution on the affected router.

Remediation

Users are advised to update to the latest firmware version 1.1.0.88 for both the R6260 and R6850 models. Instructions for downloading the firmware are available on the NETGEAR Download Center.
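
An added example, not from NETGEAR or the original page: an inventory triage that flags R6260 and R6850 devices still on firmware through 1.1.0.86. The inventory rows, hostnames and the `V..._suffix` firmware string format are assumptions; versions are compared numerically, so 1.1.0.9 is not mistaken for something newer than 1.1.0.88.

```python
import re

# Values taken from the advisory above.
AFFECTED_MODELS = {"R6260", "R6850"}
LAST_AFFECTED = (1, 1, 0, 86)
FIRST_FIXED = (1, 1, 0, 88)

def parse_version(raw):
    """Return the leading dotted quad of a firmware string as a tuple, or None."""
    m = re.match(r"\s*[Vv]?(\d+)\.(\d+)\.(\d+)\.(\d+)", raw)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(model, firmware):
    """Classify one device as not-applicable, affected, fixed or unknown."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-applicable"
    version = parse_version(firmware)
    if version is None:
        return "unknown"          # unparseable string: check the device by hand
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "unknown"              # between 1.1.0.86 and 1.1.0.88: advisory is silent

def triage(inventory):
    """Map (hostname, model, firmware) rows to {hostname: status}."""
    return {host: classify(model, fw) for host, model, fw in inventory}

# Constructed sample inventory (hostnames and version suffixes are made up).
SAMPLE = [
    ("rtr-lobby", "R6260", "V1.1.0.86_1.0.1"),
    ("rtr-lab", "r6850", "1.1.0.88"),
    ("rtr-store", "R6850", "1.1.0.9"),
    ("rtr-annex", "R6260", "1.1.0.87"),
    ("rtr-guest", "R6260", "n/a"),
    ("rtr-core", "R7000", "1.0.11.100"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```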

Added: Nov 11, 2025, 5:29 PM
Updated: Nov 11, 2025, 7:58 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 7.5
exploitability: 4.2
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.