Description
An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.


Orbi WiFi Systems without satellite devices are not impacted by this issue.
Published: 2026-06-09
Score: 4.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An information disclosure vulnerability in NETGEAR Orbi satellite devices enables a local network user to obtain administrative privileges on the Orbi router. The flaw would expose internal configuration data that grants control over the router’s settings, potentially allowing full network management. This unauthorized access undermines the confidentiality and integrity of the network configuration.

Affected Systems

The affected devices are the NETGEAR Orbi models RBE97x, RBR350, RBR760, RBS350, and RBS760. Firmware versions prior to V6.3.8.11 (for RBE97x, RBR760, RBS760) and V4.4.2.2 (for RBR350, RBS350) are vulnerable. Orbi WiFi Systems without satellite devices are not impacted.

Risk and Exploitability

The CVSS score of 4.2 indicates a moderate risk profile. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be the local network, since the description specifies that a user connected to your network could exploit it. No remote exploitation pathway is documented, so the external threat is limited.

Generated by OpenCVE AI on June 9, 2026 at 17:23 UTC.

Remediation

Vendor Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible.

Issue fixed in:

Product   Fixed Version
RBE97x    V6.3.8.11
RBR350    V4.4.2.2    https://www.netgear.com/support/product/rbr350/
RBR760    V6.3.8.11   https://www.netgear.com/support/product/rbr760/
RBS350    V4.4.2.2    https://www.netgear.com/support/product/rbs350/
RBS760    V6.3.8.11   https://www.netgear.com/support/product/rbs760/


OpenCVE Recommended Actions

  • Update the router firmware to the latest version listed by NETGEAR, which addresses the disclosed flaw.
  • Disable or secure the router’s internal administrative interfaces so that only trusted devices can access them.
  • Change the default administrator password to a strong, unique value and enforce password complexity requirements.
  • Implement network segmentation or a dedicated guest network to isolate unmanaged devices from the main management network.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type: First Time appeared
Values Added: Netgear, Netgear rbe97x, Netgear rbr350, Netgear rbr760, Netgear rbs350

Type: Vendors & Products
Values Added: Netgear, Netgear rbe97x, Netgear rbr350, Netgear rbr760, Netgear rbs350

Tue, 09 Jun 2026 17:30:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 16:30:00 +0000

Type: Description
Values Added: An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue.

Type: Title
Values Added: A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites

Type: Weaknesses
Values Added: CWE-200

Type: References

Type: Metrics
Values Added: cvssV4_0 {'score': 4.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:U'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T17:02:05.761Z

Reserved: 2025-12-03T04:16:18.239Z

Link: CVE-2026-0411

Vulnrichment

Updated: 2026-06-09T17:01:44.473Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:16:58.453

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-0411

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:20:15Z

Weaknesses