Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (NETGEAR) · only source for this CVE.
CVSS VectorVendor: NETGEAR
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
AnalysisAI
Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administrators with local network access to submit malformed buffer input that bypasses validation and triggers unauthorized modification of router software and functionality. The attack surface is significantly constrained by the requirement for both administrative credentials (PR:H) and adjacent network positioning (AV:A), limiting realistic exposure to insider threats or scenarios where an attacker has already compromised admin credentials within the LAN. No public exploit identified at time of analysis, SSVC confirms exploitation status as none, and vendor-released patches are available across all affected model lines.
Technical ContextAI
CWE-121 (Stack-based Buffer Overflow) describes the root cause: the router firmware fails to properly validate the length or content of input written to stack-allocated buffers, allowing a write beyond buffer boundaries that can corrupt adjacent stack data. This class of vulnerability in embedded network device firmware typically manifests in HTTP-based administration interfaces or internal RPC/IPC mechanisms where user-supplied data is copied into fixed-size stack buffers without bounds checking. The affected products are NETGEAR Orbi mesh networking devices spanning the RBE (Ethernet backhaul), RBR (router base units), and RBS (satellite units) product families, as identified by CPE strings: cpe:2.3:a:netgear:rbe37x, rbe77x, rbr750, rbr840, rbr850, rbr860, rbre950, rbre960, rbs750, and rbs840. The CVSS 4.0 vector AV:A confirms exploitation requires adjacency to the local network, consistent with the device's role as a LAN router.
RemediationAI
The primary remediation is to upgrade all affected NETGEAR Orbi devices to the vendor-released patched firmware: V7.2.8.5 or later for RBR750, RBR840, RBR850, RBR860, RBRE950, RBRE960, RBS750, RBS840, RBS850, RBS860, RBSE950, and RBSE960; V10.5.20.10 or later for RBE77X; and V12.1.2.1 or later for RBE37X. Firmware updates can be obtained through the respective product support pages linked in the CVE references (e.g., netgear.com/support/product/rbr850/). Where immediate patching is not feasible, the practical compensating control is to restrict administrative interface access to a dedicated, tightly controlled management VLAN and enforce strong, unique credentials for the router admin account, as the exploit requires both adjacency and admin-level authentication. Disabling remote management features (if not already off by default) reduces the attack surface further. These controls reduce but do not eliminate risk - the vulnerability remains exploitable by anyone with legitimate admin access on the LAN until patching is complete.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35462
GHSA-5vq9-cj6j-3h3r