CVE-2026-0409
Severity: MEDIUM
Netgear Orbi 370 Series Remote Code Execution vulnerability
Title source: cna
Description
A NETGEAR security issue that could allow an attacker with the ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.
References (2)
Patch (product): https://www.netgear.com/support/product/rbe372/
Vendor Advisory: https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Scores
CVSS v4: 4.8
CVSS v4 vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.0028
EPSS Percentile: 19.7%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-119
Status: published
Products (1): NETGEAR/Orbi 370, < V12.1.2.7
Published: Jun 09, 2026
Tracked Since: Jun 09, 2026