Description
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.
Published: 2026-06-09
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow flaw (CWE-787) allows an unauthenticated user who can reach the router over the local network to send crafted packets that crash the device, rendering it unavailable to legitimate traffic. The vulnerability is not tied to privileged remote access; it can be triggered simply by connecting to the router’s internal interfaces.

Affected Systems

The vulnerability affects a group of NETGEAR routers including the RBR860, RBRE950, RBRE960, RBRE970, RBRE971, RBS860, RBSE950, and RBSE960. All firmware versions prior to V7.2.7.15 on the first seven models and prior to V9.10.1.4 on the RBRE970 and RBRE971 models are vulnerable.

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity, and the EPSS score is not available. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a local network connection from an unauthenticated user to the router’s management interfaces; the flaw does not require authentication. Exploitation results in a denial‑of‑service condition affecting all clients on the network.

Generated by OpenCVE AI on June 9, 2026 at 17:26 UTC.

Remediation

Vendor Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRBE970 Orbi Quad-band Mesh WiFi 7 Add-on Satellite V9.10.1.4 https://www.netgear.com/support/product/rbe970/ RBE971 Orbi Quad-band Mesh WiFi 7 Router V9.10.1.4 https://www.netgear.com/support/product/rbe971/ RBR860 Orbi Tri-band Mesh WiFi 6 Router – 860 Series V7.2.7.15 https://www.netgear.com/support/product/rbr860/ RBRE950 Orbi Quad-band Mesh WiFi 6E Router v7.2.7.15 https://www.netgear.com/support/product/rbre950/ RBRE960 Orbi Quad-band Mesh WiFi 6E Router V7.2.7.15 https://www.netgear.com/support/product/rbre960/ RBS860 Orbi Tri-band Mesh WiFi 6 Add-on Satellite – 860 Series V7.2.7.15 https://www.netgear.com/support/product/rbs860/ RBSE950 Orbi Quad-band Mesh WiFi 6E Add-on Satellite v7.2.7.15 https://www.netgear.com/support/product/rbse950/ RBSE960 Orbi Quad-band Mesh WiFi 6E Add-on Satellite V7.2.7.15 https://www.netgear.com/support/product/rbse960/

OpenCVE Recommended Actions

  • Upgrade to the latest firmware (v7.2.7.15 for RBR860, RBRE950, RBRE960, RBS860, RBSE950 and RBSE960; v9.10.1.4 for RBRE970 and RBRE971) using the official firmware update utility.
  • Restrict local access to the router’s management interfaces by applying VLANs or firewall rules so that only trusted devices can reach them.
  • Periodically check the vendor’s support site for additional patches or advisories to keep the firmware up to date.

Generated by OpenCVE AI on June 9, 2026 at 17:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Netgear
Netgear rbr860
Netgear rbre950
Netgear rbre960
Netgear rbre970
Netgear rbre971
Netgear rbs860
Netgear rbse950
Netgear rbse960
Vendors & Products Netgear
Netgear rbr860
Netgear rbre950
Netgear rbre960
Netgear rbre970
Netgear rbre971
Netgear rbs860
Netgear rbse950
Netgear rbse960

Tue, 09 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.
Title Unauthenticated users can disrupt router operation
Weaknesses CWE-787
References
Metrics cvssV4_0

{'score': 4.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}

Subscriptions

Netgear Rbr860 Rbre950 Rbre960 Rbre970 Rbre971 Rbs860 Rbse950 Rbse960
cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-10T18:10:51.832Z

Reserved: 2026-02-24T00:11:29.678Z

Link: CVE-2026-3088

cve-icon Vulnrichment

Updated: 2026-06-09T17:34:53.277Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:05.800

Modified: 2026-06-10T19:16:35.347

Link: CVE-2026-3088

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T20:20:26Z

Weaknesses