Skip to main content

Rbs850 Firmware CVE-2026-0403

HIGH
Improper Input Validation (CWE-20)
2026-01-13 a2826606-91e7-4eb6-899e-8484bd4575d5
8.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.0 HIGH
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Patch released
Feb 20, 2026 - 19:38 nvd
Patch available
CVE Published
Jan 13, 2026 - 16:16 nvd
HIGH 8.0

DescriptionCVE.org

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

AnalysisAI

NETGEAR Orbi routers (RBS850, RBE970, RBS750) are vulnerable to OS command injection through inadequate input validation, enabling attackers on the local network to execute arbitrary commands with elevated privileges. The vulnerability requires LAN access and low privileges but provides complete system compromise through high-impact code execution capabilities. A patch is available for affected firmware versions.

Technical ContextAI

Classified as CWE-20 (Improper Input Validation). Affects Rbe971 Firmware. An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

RemediationAI

A vendor patch is available — apply it immediately.

CVE-2021-45630 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45627 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45622 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45621 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45620 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45617 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45616 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45614 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45613 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45612 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS

CVE-2021-45527 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. Rated critical severity (CVSS 9.8),

CVE-2021-45509 CRITICAL
9.8 Dec 26

Certain NETGEAR devices are affected by authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is

Share

CVE-2026-0403 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy