Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
NETGEAR RBE97x unaffected
Version Status Constraints
0 affected < V9.12.4.9
NETGEAR RBR750 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBR840 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBR850 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBR860 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBRE950 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBRE960 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS750 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS840 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS850 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS860 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBSE950 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBSE960 unaffected
Version Status Constraints
0 affected < V7.2.8.5

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible. Issue fixed in: ProductFixed VersionRBE97xV9.12.4.9RBR750 V7.2.8.5 https://www.netgear.com/support/product/rbr750/ RBR840* V7.2.8.5 https://www.netgear.com/support/product/rbr840/ RBR850 V7.2.8.5 https://www.netgear.com/support/product/rbr850/ RBR860 V7.2.8.5 https://www.netgear.com/support/product/rbr860/ RBRE950 V7.2.8.5 https://www.netgear.com/support/product/rbre950/ RBRE960 V7.2.8.5 https://www.netgear.com/support/product/rbre960/ RBS750 V7.2.8.5 https://www.netgear.com/support/product/rbs750/ RBS840* V7.2.8.5 https://www.netgear.com/support/product/rbs840/ RBS850 V7.2.8.5 https://www.netgear.com/support/product/rbs850/ RBS860 V7.2.8.5 https://www.netgear.com/support/product/rbs860/ RBSE950 V7.2.8.5 https://www.netgear.com/support/product/rbse950/ RBSE960 V7.2.8.5 https://www.netgear.com/support/product/rbse960/ * Model has reached its End-of-Support phase and no future security updates are planned. NETGEAR strongly recommends that you retire this device and upgrade to a newer NETGEAR product for continued security support.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.netgear.com/support/product/rbe970/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr750/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr840/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr850/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr860/ cve-icon cve-icon
https://www.netgear.com/support/product/rbre950/ cve-icon cve-icon
https://www.netgear.com/support/product/rbre960/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs750/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs840/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs850/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs860/ cve-icon cve-icon
https://www.netgear.com/support/product/rbse950/ cve-icon cve-icon
https://www.netgear.com/support/product/rbse960/ cve-icon cve-icon
History

Tue, 09 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Title Insufficient input validation vulnerability in certain Orbi routers
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T17:03:58.746Z

Reserved: 2025-12-03T04:16:22.194Z

Link: CVE-2026-0415

cve-icon Vulnrichment

Updated: 2026-06-09T17:02:46.352Z

cve-icon NVD

Status : Received

Published: 2026-06-09T17:16:59.130

Modified: 2026-06-09T17:16:59.130

Link: CVE-2026-0415

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T17:30:10Z

Weaknesses