A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00082.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
NETGEAR RBE370 unaffected
Version Status Constraints
0 affected < V12.1.2.1
NETGEAR RBE770 unaffected
Version Status Constraints
0 affected < V10.5.20.10
NETGEAR RBR750 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBR840 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBR850 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBR860 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBRE950 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBRE960 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS750 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS840 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS850 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS860 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBSE950 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBSE960 unaffected
Version Status Constraints
0 affected < V7.2.8.5

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Netgear Subscribe
Rbe37x Subscribe
Rbe77x Subscribe
Rbr750 Subscribe
Rbr840 Subscribe
Rbr850 Subscribe
Rbr860 Subscribe
Rbre950 Subscribe
Rbre960 Subscribe
Rbs750 Subscribe
Rbs840 Subscribe
Rbs850 Subscribe
Rbs860 Subscribe
Rbse950 Subscribe
Rbse960 Subscribe

Project Subscriptions

Vendors Products
Netgear Subscribe
Rbe37x Subscribe
Rbe77x Subscribe
Rbr750 Subscribe
Rbr840 Subscribe
Rbr850 Subscribe
Rbr860 Subscribe
Rbre950 Subscribe
Rbre960 Subscribe
Rbs750 Subscribe
Rbs840 Subscribe
Rbs850 Subscribe
Rbs860 Subscribe
Rbse950 Subscribe
Rbse960 Subscribe
Advisories

No advisories yet.

Fixes

Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRBE370 Orbi Dual-band Mesh WiFi 7 Add-on Satellite V12.1.2.1 https://www.netgear.com/support/product/rbe370/ RBE770 Orbi Tri-band Mesh WiFi 7 Add-on Satellite V10.5.20.10 https://www.netgear.com/support/product/rbe770/ RBR750 Orbi WiFi 6 Router AX4200 V7.2.8.5 https://www.netgear.com/support/product/rbr750/ RBR840 (EoS) Orbi WiFi 6 System AX5700 V7.2.8.5 https://www.netgear.com/support/product/rbr840/ RBR850 Orbi WiFi 6 Router AX6000 V7.2.8.5 https://www.netgear.com/support/product/rbr850/ RBR860 Orbi Tri-band Mesh WiFi 6 Router – 860 Series V7.2.8.5 https://www.netgear.com/support/product/rbr860/ RBRE950 Orbi Quad-band Mesh WiFi 6E Router V7.2.8.5 https://www.netgear.com/support/product/rbre950/ RBRE960 Orbi Quad-band Mesh WiFi 6E Router V7.2.8.5 https://www.netgear.com/support/product/rbre960/ RBS750 Orbi WiFi 6 Add-on Satellite AX4200 V7.2.8.5 https://www.netgear.com/support/product/rbs750/ RBS840 (EoS) Orbi WiFi 6 Add-on Satellite AX5700 V7.2.8.5 https://www.netgear.com/support/product/rbs840/ RBS850 Orbi WiFi 6 Satellite AX6000 V7.2.8.5 https://www.netgear.com/support/product/rbs850/ RBS860 Orbi Tri-band Mesh WiFi 6 Add-on Satellite – 860 Series V7.2.8.5 https://www.netgear.com/support/product/rbs860/ RBSE950 Orbi Quad-band Mesh WiFi 6E Add-on Satellite V7.2.8.5 https://www.netgear.com/support/product/rbse950/ RBSE960 Orbi Quad-band Mesh WiFi 6E Add-on Satellite V7.2.8.5 https://www.netgear.com/support/product/rbse960/ Models marked (EoS) have reached End-of-Support phase, and no security updates are planned. NETGEAR strongly recommends that you retire these devices and upgrade to a newer NETGEAR device for continued security support.

Workaround

No workaround given by the vendor.

References
Link Providers
https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory cve-icon cve-icon
https://www.netgear.com/support/product/rbe372/ cve-icon cve-icon
https://www.netgear.com/support/product/rbe770/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr750/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr840/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr850/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr860/ cve-icon cve-icon
https://www.netgear.com/support/product/rbre950/ cve-icon cve-icon
https://www.netgear.com/support/product/rbre960/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs750/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs840/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs850/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs860/ cve-icon cve-icon
https://www.netgear.com/support/product/rbse950/ cve-icon cve-icon
https://www.netgear.com/support/product/rbse960/ cve-icon cve-icon
History

Thu, 11 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Description Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. A buffer overflow vulnerability due to insufficient input validation in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Wed, 10 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
References

Tue, 09 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Netgear
Netgear rbe37x
Netgear rbe77x
Netgear rbr750
Netgear rbr840
Netgear rbr850
Netgear rbr860
Netgear rbre950
Netgear rbre960
Netgear rbs750
Netgear rbs840
Netgear rbs850
Netgear rbs860
Netgear rbse950
Netgear rbse960
Vendors & Products Netgear
Netgear rbe37x
Netgear rbe77x
Netgear rbr750
Netgear rbr840
Netgear rbr850
Netgear rbr860
Netgear rbre950
Netgear rbre960
Netgear rbs750
Netgear rbs840
Netgear rbs850
Netgear rbs860
Netgear rbse950
Netgear rbse960

Tue, 09 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Title Buffer overflow vulnerability in certain NETGEAR Nighthawk routers
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-11T15:26:11.850Z

Reserved: 2025-12-03T04:16:20.202Z

Link: CVE-2026-0413

cve-icon Vulnrichment

Updated: 2026-06-09T17:06:13.557Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:16:58.777

Modified: 2026-06-11T07:16:26.160

Link: CVE-2026-0413

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T08:30:06Z

Weaknesses