Description
An insufficient input validation vulnerability in NETGEAR Orbi devices'
DHCPv6 functionality allows network adjacent attackers authenticated
over WiFi or on LAN to execute OS command injections on the router.
DHCPv6 is not enabled by default.
Published: 2026-01-13
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: OS Command Injection on Router
Action: Apply Firmware Update
AI Analysis

Impact

An insufficient input validation flaw in the DHCPv6 handling of NETGEAR Orbi routers allows authenticated attackers on WiFi or LAN to inject and execute operating‑system commands on the device. The vulnerability is a classic case of CWE‑20, where user input is not properly sanitized before being passed to the underlying shell. Successful exploitation would give the attacker control over the router, enabling lateral movement, traffic interception, or denial of service for connected devices.

Affected Systems

The flaw affects NETGEAR Orbi line devices including RBR750, RBR840, RBR850, RBR860, RBS750, RBS840, RBS850, RBS860, RBRE950, RBRE960, RBSE950, and RBSE960. Firmware versions earlier than v7.2.8.5 are vulnerable; all models have a patch in firmware v7.2.8.5 or newer.

Risk and Exploitability

The CVSS v4.0 score of 4.8 categorizes the issue as a moderate risk, while the EPSS score of less than 1% indicates a low probability of exploitation in the wild. Note that the CVSS v3.1 metric recorded in the history below scores the same issue 8.0 (High), so prioritization depends on which scoring version is used. The vulnerability is not listed in CISA’s KEV catalog, suggesting no publicly known active exploits. Attackers must be authenticated on the LAN or over WiFi, and the DHCPv6 feature must be enabled, which is not the default setting, further limiting the attack surface.

Generated by OpenCVE AI on April 18, 2026 at 06:44 UTC.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest.

Fixed in:

  • RBR750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr750
  • RBR840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr840
  • RBR850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr850
  • RBR860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr860
  • RBS750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs750
  • RBS840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs840
  • RBS850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs850
  • RBS860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs860
  • RBRE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre950
  • RBRE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre960
  • RBSE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse950
  • RBSE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse960


OpenCVE Recommended Actions

  • Update all Orbi routers to firmware v7.2.8.5 or later; the new firmware is listed in the official Netgear advisory and can be downloaded from each device’s support page.
  • Ensure automatic firmware updates are enabled so that future security patches are applied without manual intervention.
  • If a firmware upgrade cannot be performed immediately, disable the DHCPv6 feature on the router to remove the vulnerable code path, or isolate the router on a segregated management network to mitigate local‑network attacks.


Advisories

No advisories yet.

History

Thu, 12 Feb 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Netgear rbr750 Firmware
Netgear rbr840 Firmware
Netgear rbr850 Firmware
Netgear rbr860 Firmware
Netgear rbre950 Firmware
Netgear rbre960 Firmware
Netgear rbs750 Firmware
Netgear rbs840 Firmware
Netgear rbs850 Firmware
Netgear rbs860 Firmware
Netgear rbse950 Firmware
Netgear rbse960 Firmware
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr860:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbre950:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbre960:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs860:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbse950:-:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbse960:-:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbr860_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbre950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbre960_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbs860_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbse950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netgear:rbse960_firmware:*:*:*:*:*:*:*:*
Vendors & Products Netgear rbr750 Firmware
Netgear rbr840 Firmware
Netgear rbr850 Firmware
Netgear rbr860 Firmware
Netgear rbre950 Firmware
Netgear rbre960 Firmware
Netgear rbs750 Firmware
Netgear rbs840 Firmware
Netgear rbs850 Firmware
Netgear rbs860 Firmware
Netgear rbse950 Firmware
Netgear rbse960 Firmware
Metrics cvssV3_1

{'score': 8.0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 13 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 13 Jan 2026 16:30:00 +0000


Tue, 13 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Description An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
Title Insufficient input validation in NETGEAR Orbi routers
First Time appeared Netgear
Netgear rbr750
Netgear rbr840
Netgear rbr850
Netgear rbr860
Netgear rbre950
Netgear rbre960
Netgear rbs750
Netgear rbs840
Netgear rbs850
Netgear rbs860
Netgear rbse950
Netgear rbse960
Weaknesses CWE-20
CPEs cpe:2.3:h:netgear:rbr750:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr840:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr850:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbr860:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbre950:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbre960:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs750:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs840:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs850:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbs860:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbse950:*:*:*:*:*:*:*:*
cpe:2.3:h:netgear:rbse960:*:*:*:*:*:*:*:*
Vendors & Products Netgear
Netgear rbr750
Netgear rbr840
Netgear rbr850
Netgear rbr860
Netgear rbre950
Netgear rbre960
Netgear rbs750
Netgear rbs840
Netgear rbs850
Netgear rbs860
Netgear rbse950
Netgear rbse960
References
Metrics cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-02-26T15:04:43.482Z

Reserved: 2025-12-03T04:16:10.186Z

Link: CVE-2026-0404

Vulnrichment

Updated: 2026-01-13T16:25:05.607Z

NVD

Status: Analyzed

Published: 2026-01-13T16:16:10.343

Modified: 2026-02-12T17:36:09.760

Link: CVE-2026-0404

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:45:23Z

Weaknesses