Description
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Published: 2026-06-09
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an instance of insufficient input validation that allows authenticated local administrators to change router software and configuration beyond authorized limits, effectively granting them the ability to alter critical network settings and compromise device operation.

Affected Systems

Affected devices include NETGEAR Orbi routers such as the RBE97x, RBR750, RBR840, RBR850, RBR860, RBRE950, RBRE960, RBS750, RBS840, RBS850, RBS860, RBSE950, and RBSE960; firmware before V9.12.4.9 on the RBE97x or V7.2.8.5 on other models is vulnerable, and models marked with an asterisk have reached end-of-support and should be retired.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, and because it requires local administrator access the risk is limited to the local network; although the EPSS is unavailable and the vulnerability is not listed in CISA KEV, organizations should still apply the firmware update promptly to eliminate the privilege‑escalation flaw.

Generated by OpenCVE AI on June 9, 2026 at 17:23 UTC.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRBE970 Orbi Quad-band Mesh WiFi 7 Add-on Satellite V9.12.4.9 https://www.netgear.com/support/product/rbe970/ RBR750 Orbi WiFi 6 Router AX4200 V7.2.8.5 https://www.netgear.com/support/product/rbr750/ RBR840 (EoS) Orbi WiFi 6 System AX5700 V7.2.8.5 https://www.netgear.com/support/product/rbr840/ RBR850 Orbi WiFi 6 Router AX6000 V7.2.8.5 https://www.netgear.com/support/product/rbr850/ RBR860 Orbi Tri-band Mesh WiFi 6 Router – 860 Series V7.2.8.5 https://www.netgear.com/support/product/rbr860/ RBRE950 Orbi Quad-band Mesh WiFi 6E Router V7.2.8.5 https://www.netgear.com/support/product/rbre950/ RBRE960 Orbi Quad-band Mesh WiFi 6E Router V7.2.8.5 https://www.netgear.com/support/product/rbre960/ RBS750 Orbi WiFi 6 Add-on Satellite AX4200 V7.2.8.5 https://www.netgear.com/support/product/rbs750/ RBS840 (EoS) Orbi WiFi 6 Add-on Satellite AX5700 V7.2.8.5 https://www.netgear.com/support/product/rbs840/ RBS850 Orbi WiFi 6 Satellite AX6000 V7.2.8.5 https://www.netgear.com/support/product/rbs850/ RBS860 Orbi Tri-band Mesh WiFi 6 Add-on Satellite – 860 Series V7.2.8.5 https://www.netgear.com/support/product/rbs860/ RBSE950 Orbi Quad-band Mesh WiFi 6E Add-on Satellite V7.2.8.5 https://www.netgear.com/support/product/rbse950/ RBSE960 Orbi Quad-band Mesh WiFi 6E Add-on Satellite V7.2.8.5 https://www.netgear.com/support/product/rbse960/ Models marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.

OpenCVE Recommended Actions

  • Install the latest firmware (V9.12.4.9 for RBE97x or V7.2.8.5 for other affected models).
  • If the device is end‑of‑support, retire it and replace it with a NETGEAR product that receives ongoing security updates.
  • Restrict local administrative access by enforcing strong passwords and limiting LAN access to trusted users.

Generated by OpenCVE AI on June 9, 2026 at 17:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Netgear
Netgear rbe97x
Netgear rbr750
Netgear rbr840
Netgear rbr850
Netgear rbr860
Netgear rbre950
Netgear rbre960
Netgear rbs750
Netgear rbs840
Netgear rbs850
Netgear rbs860
Netgear rbse950
Netgear rbse960
Vendors & Products Netgear
Netgear rbe97x
Netgear rbr750
Netgear rbr840
Netgear rbr850
Netgear rbr860
Netgear rbre950
Netgear rbre960
Netgear rbs750
Netgear rbs840
Netgear rbs850
Netgear rbs860
Netgear rbse950
Netgear rbse960

Tue, 09 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Title Insufficient input validation vulnerability in certain Orbi routers
Weaknesses CWE-20
References
Metrics cvssV4_0

{'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U'}

Subscriptions

Netgear Rbe97x Rbr750 Rbr840 Rbr850 Rbr860 Rbre950 Rbre960 Rbs750 Rbs840 Rbs850 Rbs860 Rbse950 Rbse960
cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-10T12:55:15.787Z

Reserved: 2025-12-03T04:16:22.194Z

Link: CVE-2026-0415

cve-icon Vulnrichment

Updated: 2026-06-09T17:02:46.352Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:16:59.130

Modified: 2026-06-10T14:16:31.087

Link: CVE-2026-0415

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T20:20:16Z

Weaknesses
  • CWE-20

    Improper Input Validation