Description
An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability.


Orbi WiFi Systems without satellite devices are not impacted by this issue.
Published: 2026-06-09
Score: 4.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue.

Affected Systems

The affected devices include NETGEAR routers RBE970, RBR350, RBR760, RBS350, and RBS760 models that are part of the Orbi satellite family. Firmware versions prior to V6.3.8.11 (for RBE970, RBR760, RBS760) and V4.4.2.2 (for RBR350, RBS350) are vulnerable. Models without satellite devices are not impacted.

Risk and Exploitability

The CVSS score of 4.2 indicates a moderate risk profile. EPSS score of 0.0002 indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local network or user‑connected, as the description specifies a user connected to your network could exploit it. No remote exploitation pathway is documented, so external threat is limited.

Generated by OpenCVE AI on June 11, 2026 at 07:51 UTC.

Remediation

Vendor Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible. Issue fixed in: ProductFixed VersionRBE970 Orbi Quad-band Mesh WiFi 7 Add-on Satellite 6.3.8.11 https://www.netgear.com/support/product/rbe970/ RBR350 Orbi AX1800 WiFi 6 Dual-band Mesh Router V4.4.2.2 https://www.netgear.com/support/product/rbr350/ RBR760 Orbi Tri-Band Mesh WiFi 6 Router V6.3.8.11 https://www.netgear.com/support/product/rbr760/ RBS350 Orbi AX1800 WiFi 6 Dual-band Mesh Add-on Satellite V4.4.2.2 https://www.netgear.com/support/product/rbs350/ RBS760 Orbi Tri-Band Mesh WiFi 6 Add-on Satellite V6.3.8.11 https://www.netgear.com/support/product/rbs760/

OpenCVE Recommended Actions

  • Update the router firmware to the latest version listed by NETGEAR, which addresses the disclosed flaw.
  • Disable or secure the router’s internal administrative interfaces so that only trusted devices can access them.
  • Change the default administrator password to a strong, unique value and enforce password complexity requirements.
  • Implement network segmentation or a dedicated guest network to isolate unmanaged devices from the main management network.

Generated by OpenCVE AI on June 11, 2026 at 07:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Description An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue. An information disclosure vulnerability in the NETGEAR Orbi satellites (RBR/RBE/RBS Series) could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue.

Wed, 10 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Netgear
Netgear rbe97x
Netgear rbr350
Netgear rbr760
Netgear rbs350
Vendors & Products Netgear
Netgear rbe97x
Netgear rbr350
Netgear rbr760
Netgear rbs350

Tue, 09 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue.
Title A Sensitive Information Disclosure Vulnerability in NETGEAR Orbi Satellites
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 4.2, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:U'}

Subscriptions

Netgear Rbe97x Rbr350 Rbr760 Rbs350
cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-11T05:23:03.895Z

Reserved: 2025-12-03T04:16:18.239Z

Link: CVE-2026-0411

cve-icon Vulnrichment

Updated: 2026-06-09T17:01:44.473Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:16:58.453

Modified: 2026-06-11T07:16:25.897

Link: CVE-2026-0411

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T08:00:15Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor