CVE-2026-0415
MEDIUMNETGEAR Orbi Routers - Authenticated Unauthorized Software Modification
Title source: manualDescription
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
References (14)
Core 14
Core References
Patch product
patch
https://www.netgear.com/support/product/rbre960/
Patch product
patch
https://www.netgear.com/support/product/rbs850/
Patch product
patch
https://www.netgear.com/support/product/rbe970/
Patch product
patch
https://www.netgear.com/support/product/rbre950/
Patch product
patch
https://www.netgear.com/support/product/rbr850/
Patch product
patch
https://www.netgear.com/support/product/rbs840/
Patch product
patch
https://www.netgear.com/support/product/rbr750/
Patch product
patch
https://www.netgear.com/support/product/rbs750/
Patch product
patch
https://www.netgear.com/support/product/rbr840/
Patch product
patch
https://www.netgear.com/support/product/rbr860/
Patch product
patch
https://www.netgear.com/support/product/rbs860/
Patch product
patch
https://www.netgear.com/support/product/rbse950/
Patch product
patch
https://www.netgear.com/support/product/rbse960/
Vendor Advisory vendor-advisory
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory
Scores
CVSS v4
4.3
EPSS
0.0026
EPSS Percentile
16.8%
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (14)
NETGEAR/RBE970
< V9.12.4.9
NETGEAR/RBE97x
< V9.12.4.9
NETGEAR/RBR750
< V7.2.8.5
NETGEAR/RBR840
< V7.2.8.5
NETGEAR/RBR850
< V7.2.8.5
NETGEAR/RBR860
< V7.2.8.5
NETGEAR/RBRE950
< V7.2.8.5
NETGEAR/RBRE960
< V7.2.8.5
NETGEAR/RBS750
< V7.2.8.5
NETGEAR/RBS840
< V7.2.8.5
... and 4 more
Published
Jun 09, 2026
Tracked Since
Jun 09, 2026