Description
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.
Published: 2026-06-09
Score: 4.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow flaw (CWE-787) allows an unauthenticated user who can reach the router over the local network to send crafted packets that crash the device, rendering it unavailable to legitimate traffic. The vulnerability is not tied to privileged remote access; it can be triggered simply by connecting to the router’s internal interfaces.

Affected Systems

The vulnerability affects a group of NETGEAR routers including the RBR860, RBRE950, RBRE960, RBRE970, RBRE971, RBS860, RBSE950, and RBSE960. All firmware versions prior to V7.2.7.15 on the RBR860, RBRE950, RBRE960, RBS860, RBSE950, and RBSE960, and prior to V9.10.1.4 on the RBRE970 and RBRE971, are vulnerable.

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity, and the EPSS score is not available. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a local network connection from an unauthenticated user to the router’s management interfaces; the flaw does not require authentication. Exploitation results in a denial‑of‑service condition affecting all clients on the network.

Generated by OpenCVE AI on June 9, 2026 at 17:26 UTC.

Remediation

Vendor Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible. Issue fixed in (Product: Fixed Version):

  • RBR860: V7.2.7.15 https://www.netgear.com/support/product/rbr860/
  • RBRE950: v7.2.7.15 https://www.netgear.com/support/product/rbre950/
  • RBRE960: V7.2.7.15 https://www.netgear.com/support/product/rbre960/
  • RBRE970: V9.10.1.4
  • RBRE971: V9.10.1.4
  • RBS860: V7.2.7.15 https://www.netgear.com/support/product/rbs860/
  • RBSE950: v7.2.7.15 https://www.netgear.com/support/product/rbse950/
  • RBSE960: V7.2.7.15 https://www.netgear.com/support/product/rbse960/


OpenCVE Recommended Actions

  • Upgrade to the latest firmware (v7.2.7.15 for RBR860, RBRE950, RBRE960, RBS860, RBSE950 and RBSE960; v9.10.1.4 for RBRE970 and RBRE971) using the official firmware update utility.
  • Restrict local access to the router’s management interfaces by applying VLANs or firewall rules so that only trusted devices can reach them.
  • Periodically check the vendor’s support site for additional patches or advisories to keep the firmware up to date.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type: First Time appeared
Values Added: Netgear; Netgear rbr860; Netgear rbre950; Netgear rbre960; Netgear rbre970; Netgear rbre971; Netgear rbs860; Netgear rbse950; Netgear rbse960

Type: Vendors & Products
Values Added: Netgear; Netgear rbr860; Netgear rbre950; Netgear rbre960; Netgear rbre970; Netgear rbre971; Netgear rbs860; Netgear rbse950; Netgear rbse960

Tue, 09 Jun 2026 19:30:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:30:00 +0000

Type: Description
Values Added: Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.

Type: Title
Values Added: Unauthenticated users can disrupt router operation

Type: Weaknesses
Values Added: CWE-787

Type: References

Type: Metrics
Values Added: cvssV4_0 {'score': 4.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber'}

MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T18:39:56.251Z

Reserved: 2026-02-24T00:11:29.678Z

Link: CVE-2026-3088

Vulnrichment

Updated: 2026-06-09T17:34:53.277Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T17:17:05.800

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-3088

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:20:26Z

Weaknesses