Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for RBE97x by NETGEAR
CVE-2026-0415 (GCVE-0-2026-0415)
Vulnerability from nvd – Published: 2026-06-09 15:50 – Updated: 2026-06-09 17:03
VLAI
Title
Insufficient input validation vulnerability in certain Orbi routers
Summary
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Insufficient input validation
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/rbe970/ | productpatch |
| https://www.netgear.com/support/product/rbre950/ | productpatch |
| https://www.netgear.com/support/product/rbr850/ | productpatch |
| https://www.netgear.com/support/product/rbs840/ | productpatch |
| https://www.netgear.com/support/product/rbr750/ | productpatch |
| https://www.netgear.com/support/product/rbs750/ | productpatch |
| https://www.netgear.com/support/product/rbr840/ | productpatch |
| https://www.netgear.com/support/product/rbr860/ | productpatch |
| https://www.netgear.com/support/product/rbre960/ | productpatch |
| https://www.netgear.com/support/product/rbs850/ | productpatch |
| https://www.netgear.com/support/product/rbs860/ | productpatch |
| https://www.netgear.com/support/product/rbse950/ | productpatch |
| https://www.netgear.com/support/product/rbse960/ | productpatch |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| NETGEAR | RBE97x |
Affected:
0 , < V9.12.4.9
(custom)
|
|
| NETGEAR | RBR750 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBR840 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBR850 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBR860 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBRE950 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBRE960 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBS750 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBS840 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBS850 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBS860 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBSE950 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBSE960 |
Affected:
0 , < V7.2.8.5
(custom)
|
Date Public
2026-06-09 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0415",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T17:02:38.168412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T17:03:58.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RBE97x",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V9.12.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR840",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR850",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR860",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBRE950",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBRE960",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS840",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS850",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS860",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBSE950",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBSE960",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient input validation vulnerability in the\u0026nbsp;listed NETGEAR models allows\u0026nbsp;authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.\u003c/p\u003e"
}
],
"value": "Insufficient input validation vulnerability in the\u00a0listed NETGEAR models allows\u00a0authenticated administrators connected to the local network to make unauthorized modification of router software and functionality."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Insufficient input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:50:51.816Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbe970/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbre950/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr850/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs840/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr750/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs750/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr840/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr860/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbre960/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs850/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs860/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbse950/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbse960/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eNETGEAR strongly recommends that you install the latest firmware as soon as possible.\u003c/p\u003e\u003cp\u003eIssue fixed in:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRBE97x\u003c/td\u003e\u003ctd\u003eV9.12.4.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR750\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr750/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR840*\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr840/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR850\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr850/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR860\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr860/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBRE950\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbre950/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBRE960\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbre960/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS750\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs750/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS840*\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs840/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS850\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs850/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS860\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs860/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBSE950\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbse950/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBSE960\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbse960/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cspan\u003e*\nModel has reached its End-of-Support phase and no future security updates are\nplanned. NETGEAR strongly recommends that you retire this device and upgrade to\na newer NETGEAR product for continued security support.\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "NETGEAR strongly recommends that you install the latest firmware as soon as possible.\n\n\n\nIssue fixed in:\n\n\n\n\n\nProductFixed VersionRBE97xV9.12.4.9RBR750 V7.2.8.5 https://www.netgear.com/support/product/rbr750/ RBR840* V7.2.8.5 https://www.netgear.com/support/product/rbr840/ RBR850 V7.2.8.5 https://www.netgear.com/support/product/rbr850/ RBR860 V7.2.8.5 https://www.netgear.com/support/product/rbr860/ RBRE950 V7.2.8.5 https://www.netgear.com/support/product/rbre950/ RBRE960 V7.2.8.5 https://www.netgear.com/support/product/rbre960/ RBS750 V7.2.8.5 https://www.netgear.com/support/product/rbs750/ RBS840* V7.2.8.5 https://www.netgear.com/support/product/rbs840/ RBS850 V7.2.8.5 https://www.netgear.com/support/product/rbs850/ RBS860 V7.2.8.5 https://www.netgear.com/support/product/rbs860/ RBSE950 V7.2.8.5 https://www.netgear.com/support/product/rbse950/ RBSE960 V7.2.8.5 https://www.netgear.com/support/product/rbse960/ \n\n*\nModel has reached its End-of-Support phase and no future security updates are\nplanned. NETGEAR strongly recommends that you retire this device and upgrade to\na newer NETGEAR product for continued security support."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient input validation vulnerability in certain Orbi routers",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0415",
"datePublished": "2026-06-09T15:50:51.816Z",
"dateReserved": "2025-12-03T04:16:22.194Z",
"dateUpdated": "2026-06-09T17:03:58.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0414 (GCVE-0-2026-0414)
Vulnerability from nvd – Published: 2026-06-09 15:50 – Updated: 2026-06-09 17:05
VLAI
Title
Arbitrary Code Execution vulnerability exists in RBE970
Summary
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/rbe970/ | productpatch |
Impacted products
Date Public
2026-06-09 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T17:05:02.909835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T17:05:19.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RBE97x",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V9.12.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient input validation vulnerability in the\u0026nbsp;listed NETGEAR models allows\u0026nbsp;authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.\u003c/p\u003e"
}
],
"value": "Insufficient input validation vulnerability in the\u00a0listed NETGEAR models allows\u00a0authenticated administrators connected to the local network to make unauthorized modification of router software and functionality."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:50:51.171Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbe970/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIssue fixed in:\u0026nbsp;\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRBE97x\u003c/td\u003e\u003ctd\u003eV9.12.4.9\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "NETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.\u00a0\n\n\n\nIssue fixed in:\u00a0\n\nProductFixed VersionRBE97xV9.12.4.9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary Code Execution vulnerability exists in RBE970",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0414",
"datePublished": "2026-06-09T15:50:51.171Z",
"dateReserved": "2025-12-03T04:16:21.302Z",
"dateUpdated": "2026-06-09T17:05:19.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0411 (GCVE-0-2026-0411)
Vulnerability from nvd – Published: 2026-06-09 15:50 – Updated: 2026-06-09 17:02
VLAI
Title
A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites
Summary
An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.
Orbi WiFi Systems without satellite devices are not impacted by this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/rbr350/ | productpatch |
| https://www.netgear.com/support/product/rbs760/ | productpatch |
| https://www.netgear.com/support/product/rbs350/ | productpatch |
| https://www.netgear.com/support/product/rbr760/ | productpatch |
| https://www.netgear.com/support/product/rbe970/ | productpatch |
Impacted products
Date Public
2026-06-09 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T17:01:39.977725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T17:02:05.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RBE97x",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "6.3.8.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR350",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V4.4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR760",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V6.3.8.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS350",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V4.4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS760",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V6.3.8.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information disclosure vulnerability in the\u0026nbsp;NETGEAR\u0026nbsp;Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eOrbi WiFi Systems without satellite devices are not impacted by this issue.\u003c/div\u003e"
}
],
"value": "An information disclosure vulnerability in the\u00a0NETGEAR\u00a0Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.\n\n\nOrbi WiFi Systems without satellite devices are not impacted by this issue."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Sensitive Information Disclosure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:50:52.418Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr350/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs760/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs350/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr760/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbe970/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan\u003eNETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eIssue f\u003c/span\u003eixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRBE97x\u003c/td\u003e\u003ctd\u003eV6.3.8.11\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR350\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr350/\"\u003eV4.4.2.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR760\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr760/\"\u003eV6.3.8.11\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS350\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs350/\"\u003eV4.4.2.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS760\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs760/\"\u003eV6.3.8.11\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "NETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.\u00a0\n\n\n\nIssue fixed in:\n\nProductFixed VersionRBE97xV6.3.8.11RBR350 V4.4.2.2 https://www.netgear.com/support/product/rbr350/ RBR760 V6.3.8.11 https://www.netgear.com/support/product/rbr760/ RBS350 V4.4.2.2 https://www.netgear.com/support/product/rbs350/ RBS760 V6.3.8.11 https://www.netgear.com/support/product/rbs760/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0411",
"datePublished": "2026-06-09T15:50:52.418Z",
"dateReserved": "2025-12-03T04:16:18.239Z",
"dateUpdated": "2026-06-09T17:02:05.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0411 (GCVE-0-2026-0411)
Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-09 17:02
VLAI
Title
A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites
Summary
An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.
Orbi WiFi Systems without satellite devices are not impacted by this issue.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/rbr350/ | productpatch |
| https://www.netgear.com/support/product/rbs760/ | productpatch |
| https://www.netgear.com/support/product/rbs350/ | productpatch |
| https://www.netgear.com/support/product/rbr760/ | productpatch |
| https://www.netgear.com/support/product/rbe970/ | productpatch |
Impacted products
Date Public
2026-06-09 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T17:01:39.977725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T17:02:05.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RBE97x",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "6.3.8.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR350",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V4.4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR760",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V6.3.8.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS350",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V4.4.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS760",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V6.3.8.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An information disclosure vulnerability in the\u0026nbsp;NETGEAR\u0026nbsp;Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eOrbi WiFi Systems without satellite devices are not impacted by this issue.\u003c/div\u003e"
}
],
"value": "An information disclosure vulnerability in the\u00a0NETGEAR\u00a0Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.\n\n\nOrbi WiFi Systems without satellite devices are not impacted by this issue."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Sensitive Information Disclosure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:50:52.418Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr350/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs760/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs350/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr760/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbe970/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan\u003eNETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eIssue f\u003c/span\u003eixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRBE97x\u003c/td\u003e\u003ctd\u003eV6.3.8.11\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR350\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr350/\"\u003eV4.4.2.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR760\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr760/\"\u003eV6.3.8.11\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS350\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs350/\"\u003eV4.4.2.2\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS760\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs760/\"\u003eV6.3.8.11\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "NETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.\u00a0\n\n\n\nIssue fixed in:\n\nProductFixed VersionRBE97xV6.3.8.11RBR350 V4.4.2.2 https://www.netgear.com/support/product/rbr350/ RBR760 V6.3.8.11 https://www.netgear.com/support/product/rbr760/ RBS350 V4.4.2.2 https://www.netgear.com/support/product/rbs350/ RBS760 V6.3.8.11 https://www.netgear.com/support/product/rbs760/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0411",
"datePublished": "2026-06-09T15:50:52.418Z",
"dateReserved": "2025-12-03T04:16:18.239Z",
"dateUpdated": "2026-06-09T17:02:05.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0415 (GCVE-0-2026-0415)
Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-09 17:03
VLAI
Title
Insufficient input validation vulnerability in certain Orbi routers
Summary
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Insufficient input validation
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/rbe970/ | productpatch |
| https://www.netgear.com/support/product/rbre950/ | productpatch |
| https://www.netgear.com/support/product/rbr850/ | productpatch |
| https://www.netgear.com/support/product/rbs840/ | productpatch |
| https://www.netgear.com/support/product/rbr750/ | productpatch |
| https://www.netgear.com/support/product/rbs750/ | productpatch |
| https://www.netgear.com/support/product/rbr840/ | productpatch |
| https://www.netgear.com/support/product/rbr860/ | productpatch |
| https://www.netgear.com/support/product/rbre960/ | productpatch |
| https://www.netgear.com/support/product/rbs850/ | productpatch |
| https://www.netgear.com/support/product/rbs860/ | productpatch |
| https://www.netgear.com/support/product/rbse950/ | productpatch |
| https://www.netgear.com/support/product/rbse960/ | productpatch |
Impacted products
13 products
| Vendor | Product | Version | |
|---|---|---|---|
| NETGEAR | RBE97x |
Affected:
0 , < V9.12.4.9
(custom)
|
|
| NETGEAR | RBR750 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBR840 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBR850 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBR860 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBRE950 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBRE960 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBS750 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBS840 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBS850 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBS860 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBSE950 |
Affected:
0 , < V7.2.8.5
(custom)
|
|
| NETGEAR | RBSE960 |
Affected:
0 , < V7.2.8.5
(custom)
|
Date Public
2026-06-09 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0415",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T17:02:38.168412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T17:03:58.746Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RBE97x",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V9.12.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR840",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR850",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBR860",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBRE950",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBRE960",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS750",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS840",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS850",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBS860",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBSE950",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "RBSE960",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V7.2.8.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient input validation vulnerability in the\u0026nbsp;listed NETGEAR models allows\u0026nbsp;authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.\u003c/p\u003e"
}
],
"value": "Insufficient input validation vulnerability in the\u00a0listed NETGEAR models allows\u00a0authenticated administrators connected to the local network to make unauthorized modification of router software and functionality."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Insufficient input validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:50:51.816Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbe970/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbre950/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr850/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs840/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr750/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs750/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr840/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbr860/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbre960/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs850/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbs860/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbse950/"
},
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbse960/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eNETGEAR strongly recommends that you install the latest firmware as soon as possible.\u003c/p\u003e\u003cp\u003eIssue fixed in:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRBE97x\u003c/td\u003e\u003ctd\u003eV9.12.4.9\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR750\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr750/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR840*\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr840/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR850\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr850/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBR860\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr860/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBRE950\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbre950/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBRE960\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbre960/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS750\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs750/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS840*\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs840/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS850\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs850/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBS860\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs860/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBSE950\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbse950/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eRBSE960\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbse960/\"\u003eV7.2.8.5\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cp\u003e\u003cspan\u003e*\nModel has reached its End-of-Support phase and no future security updates are\nplanned. NETGEAR strongly recommends that you retire this device and upgrade to\na newer NETGEAR product for continued security support.\u003c/span\u003e\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "NETGEAR strongly recommends that you install the latest firmware as soon as possible.\n\n\n\nIssue fixed in:\n\n\n\n\n\nProductFixed VersionRBE97xV9.12.4.9RBR750 V7.2.8.5 https://www.netgear.com/support/product/rbr750/ RBR840* V7.2.8.5 https://www.netgear.com/support/product/rbr840/ RBR850 V7.2.8.5 https://www.netgear.com/support/product/rbr850/ RBR860 V7.2.8.5 https://www.netgear.com/support/product/rbr860/ RBRE950 V7.2.8.5 https://www.netgear.com/support/product/rbre950/ RBRE960 V7.2.8.5 https://www.netgear.com/support/product/rbre960/ RBS750 V7.2.8.5 https://www.netgear.com/support/product/rbs750/ RBS840* V7.2.8.5 https://www.netgear.com/support/product/rbs840/ RBS850 V7.2.8.5 https://www.netgear.com/support/product/rbs850/ RBS860 V7.2.8.5 https://www.netgear.com/support/product/rbs860/ RBSE950 V7.2.8.5 https://www.netgear.com/support/product/rbse950/ RBSE960 V7.2.8.5 https://www.netgear.com/support/product/rbse960/ \n\n*\nModel has reached its End-of-Support phase and no future security updates are\nplanned. NETGEAR strongly recommends that you retire this device and upgrade to\na newer NETGEAR product for continued security support."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient input validation vulnerability in certain Orbi routers",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0415",
"datePublished": "2026-06-09T15:50:51.816Z",
"dateReserved": "2025-12-03T04:16:22.194Z",
"dateUpdated": "2026-06-09T17:03:58.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0414 (GCVE-0-2026-0414)
Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-09 17:05
VLAI
Title
Arbitrary Code Execution vulnerability exists in RBE970
Summary
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.netgear.com/support/product/rbe970/ | productpatch |
Impacted products
Date Public
2026-06-09 00:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0414",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T17:05:02.909835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T17:05:19.275Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RBE97x",
"vendor": "NETGEAR",
"versions": [
{
"lessThan": "V9.12.4.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInsufficient input validation vulnerability in the\u0026nbsp;listed NETGEAR models allows\u0026nbsp;authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.\u003c/p\u003e"
}
],
"value": "Insufficient input validation vulnerability in the\u00a0listed NETGEAR models allows\u00a0authenticated administrators connected to the local network to make unauthorized modification of router software and functionality."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:50:51.171Z",
"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"shortName": "NETGEAR"
},
"references": [
{
"tags": [
"product",
"patch"
],
"url": "https://www.netgear.com/support/product/rbe970/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIssue fixed in:\u0026nbsp;\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eRBE97x\u003c/td\u003e\u003ctd\u003eV9.12.4.9\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "NETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.\u00a0\n\n\n\nIssue fixed in:\u00a0\n\nProductFixed VersionRBE97xV9.12.4.9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary Code Execution vulnerability exists in RBE970",
"x_generator": {
"engine": "Vulnogram 1.0.3"
}
}
},
"cveMetadata": {
"assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
"assignerShortName": "NETGEAR",
"cveId": "CVE-2026-0414",
"datePublished": "2026-06-09T15:50:51.171Z",
"dateReserved": "2025-12-03T04:16:21.302Z",
"dateUpdated": "2026-06-09T17:05:19.275Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}