CVE-2026-0403

HIGH

NETGEAR Orbi - Command Injection

Title source: llm

Description

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

References (11)

Scores

CVSS v3 8.0
EPSS 0.0008
EPSS Percentile 23.6%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-20
Status published

Affected Products (10)

netgear/rbe971_firmware < 9.10.0.2
netgear/rbe970_firmware < 9.10.0.2
netgear/rbr750_firmware < 7.2.8.5
netgear/rbr850_firmware < 7.2.8.5
netgear/rbr860_firmware < 7.2.8.5
netgear/rbs750_firmware < 7.2.8.5
netgear/rbs850_firmware < 7.2.8.5
netgear/rbs860_firmware < 7.2.8.5
netgear/rbre960_firmware < 7.2.8.5
netgear/rbse960_firmware < 7.2.8.5

Timeline

Published Jan 13, 2026
Tracked Since Feb 18, 2026