CVE-2026-0403
HIGHNETGEAR Orbi Routers - OS Command Injection via Insufficient Input Validation
Title source: llmDescription
An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.
References (11)
Core 11
Core References
Various Sources product
patch
https://www.netgear.com/support/product/rbr750
Various Sources patch
product
https://www.netgear.com/support/product/rbs750
Various Sources product
patch
https://www.netgear.com/support/product/rbre960
Various Sources product
patch
https://www.netgear.com/support/product/rbse960
Various Sources product
patch
https://www.netgear.com/support/product/rbr850
Various Sources product
patch
https://www.netgear.com/support/product/rbs850
Various Sources product
patch
https://www.netgear.com/support/product/rbe971
Various Sources product
patch
https://www.netgear.com/support/product/rbe970
Various Sources product
patch
https://www.netgear.com/support/product/rbr860
Various Sources product
patch
https://www.netgear.com/support/product/rbs860
Various Sources vendor-advisory
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
Scores
CVSS v3
8.0
EPSS
0.0008
EPSS Percentile
24.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (10)
netgear/rbe970_firmware
< 9.10.0.2
netgear/rbe971_firmware
< 9.10.0.2
netgear/rbr750_firmware
< 7.2.8.5
netgear/rbr850_firmware
< 7.2.8.5
netgear/rbr860_firmware
< 7.2.8.5
netgear/rbre960_firmware
< 7.2.8.5
netgear/rbs750_firmware
< 7.2.8.5
netgear/rbs850_firmware
< 7.2.8.5
netgear/rbs860_firmware
< 7.2.8.5
netgear/rbse960_firmware
< 7.2.8.5
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026