Primary

Context

NETGEAR JR6150 Command Injection Vulnerability Allowing Local OS Command Execution

Vulnerability

A command injection vulnerability has been identified in the NETGEAR JR6150 AC750 WiFi Router, 802.11ac Dual Band Gigabit, released in 2014. This vulnerability arises from insufficient input validation, allowing users connected to the local WiFi network to execute operating system commands. The router has reached its End-of-Support phase as of 2018, with no further security updates planned. This vulnerability was discovered through firmware emulation in a controlled research environment and has not been verified on production hardware.

Impact

Exploitation of this vulnerability allows for unauthorized execution of operating system commands on the affected router.

Remediation

NETGEAR recommends replacing the JR6150 with a newer model to ensure continued security support and updates.

Added: Jun 9, 2026, 9:06 PM

Updated: Jun 9, 2026, 9:06 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

3.5

remediation

3.7

relevance

9.3

threat

0.0

urgency

5.7

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

3.5

remediation

3.7

relevance

9.3

threat

0.0

urgency

5.7

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NETGEAR JR6150 Command Injection Vulnerability Allowing Local OS Command Execution

Vulnerability

Impact

Remediation

Affected Products

NETGEAR JR6150

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating