Description
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Published: 2026-06-09
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an instance of insufficient input validation that allows authenticated local administrators to change router software and configuration beyond authorized limits, effectively granting them the ability to alter critical network settings and compromise device operation.

Affected Systems

Affected devices include the NETGEAR Orbi models RBE97x, RBR750, RBR840, RBR850, RBR860, RBRE950, RBRE960, RBS750, RBS840, RBS850, RBS860, RBSE950, and RBSE960. Firmware before V9.12.4.9 on the RBE97x or before V7.2.8.5 on the other models is vulnerable. Models marked with an asterisk in the vendor's fixed-version list (RBR840 and RBS840) have reached end-of-support and should be retired.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and because it requires local administrator access the risk is limited to the local network; although the EPSS is unavailable and the vulnerability is not listed in CISA KEV, organizations should still apply the firmware update promptly to eliminate the privilege‑escalation flaw.

Generated by OpenCVE AI on June 9, 2026 at 17:23 UTC.

Remediation

Vendor Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible. Issue fixed in:

Product    Fixed Version
RBE97x     V9.12.4.9
RBR750     V7.2.8.5     https://www.netgear.com/support/product/rbr750/
RBR840*    V7.2.8.5     https://www.netgear.com/support/product/rbr840/
RBR850     V7.2.8.5     https://www.netgear.com/support/product/rbr850/
RBR860     V7.2.8.5     https://www.netgear.com/support/product/rbr860/
RBRE950    V7.2.8.5     https://www.netgear.com/support/product/rbre950/
RBRE960    V7.2.8.5     https://www.netgear.com/support/product/rbre960/
RBS750     V7.2.8.5     https://www.netgear.com/support/product/rbs750/
RBS840*    V7.2.8.5     https://www.netgear.com/support/product/rbs840/
RBS850     V7.2.8.5     https://www.netgear.com/support/product/rbs850/
RBS860     V7.2.8.5     https://www.netgear.com/support/product/rbs860/
RBSE950    V7.2.8.5     https://www.netgear.com/support/product/rbse950/
RBSE960    V7.2.8.5     https://www.netgear.com/support/product/rbse960/

* Model has reached its End-of-Support phase and no future security updates are planned. NETGEAR strongly recommends that you retire this device and upgrade to a newer NETGEAR product for continued security support.


OpenCVE Recommended Actions

  • Install the latest firmware (V9.12.4.9 for RBE97x or V7.2.8.5 for other affected models).
  • If the device is end‑of‑support, retire it and replace it with a NETGEAR product that receives ongoing security updates.
  • Restrict local administrative access by enforcing strong passwords and limiting LAN access to trusted users.


Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added:
  • Netgear
  • Netgear rbe97x
  • Netgear rbr750
  • Netgear rbr840
  • Netgear rbr850
  • Netgear rbr860
  • Netgear rbre950
  • Netgear rbre960
  • Netgear rbs750
  • Netgear rbs840
  • Netgear rbs850
  • Netgear rbs860
  • Netgear rbse950
  • Netgear rbse960

Type: Vendors & Products
Values Removed: (none)
Values Added:
  • Netgear
  • Netgear rbe97x
  • Netgear rbr750
  • Netgear rbr840
  • Netgear rbr850
  • Netgear rbr860
  • Netgear rbre950
  • Netgear rbre960
  • Netgear rbs750
  • Netgear rbs840
  • Netgear rbs850
  • Netgear rbs860
  • Netgear rbse950
  • Netgear rbse960

Tue, 09 Jun 2026 17:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 16:30:00 +0000

Type: Description
Values Removed: (none)
Values Added: Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Type: Title
Values Removed: (none)
Values Added: Insufficient input validation vulnerability in certain Orbi routers

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-20

Type: References

Type: Metrics
Values Removed: (none)
Values Added: cvssV4_0 {'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U'}


MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T17:03:58.746Z

Reserved: 2025-12-03T04:16:22.194Z

Link: CVE-2026-0415

Vulnrichment

Updated: 2026-06-09T17:02:46.352Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:16:59.130

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-0415

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:20:16Z
