Skip to main content

NETGEAR Orbi CVE-2026-62655

| EUVDEUVD-2026-44327 MEDIUM
Stack-based Buffer Overflow (CWE-121)
2026-07-14 NETGEAR GHSA-9pqr-xmfw-fwj3
5.7
CVSS 4.0 · Vendor: NETGEAR
Share

Severity by source

Vendor (NETGEAR) PRIMARY
5.7 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

Adjacent-only vector (AV:A), no auth or interaction needed, pure availability crash with no confidentiality or integrity impact.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (NETGEAR).

CVSS VectorVendor: NETGEAR

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 14, 2026 - 22:02 vuln.today

DescriptionCVE.org

A security flaw was found in certain NETGEAR Orbi models that could allow an unauthorized user to cause the device to stop responding or restart unexpectedly, disrupting network connectivity and making the device temporarily unavailable.

AnalysisAI

Stack-based buffer overflow in multiple NETGEAR Orbi mesh WiFi models (RBR860, RBRE950/960, RBE970/971, RBS860, RBSE950/960) enables an unauthenticated adjacent-network attacker to crash or force a restart of the affected device, causing a loss of network connectivity. The root cause is CWE-121 (stack-based buffer overflow), meaning a crafted network payload can overwrite stack memory and destabilize the device process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent network access (Wi-Fi/LAN)
Delivery
Send crafted malformed network payload to Orbi service
Exploit
Trigger stack buffer overflow (CWE-121)
Execution
Corrupt stack frame, crash device process
Impact
Orbi restarts, network connectivity lost

Vulnerability AssessmentAI

Exploitation The attacker must be present on the same adjacent network as the Orbi device - either connected to the same Wi-Fi SSID (including guest network if enabled), the wired LAN, or a directly bridged network segment. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H) reflects a purely availability-impacting DoS with no confidentiality or integrity loss, constrained to adjacent-network attackers. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker connected to the same Wi-Fi network or wired LAN segment as an unpatched NETGEAR Orbi router sends a specially crafted network request - likely targeting a management service or Orbi backhaul protocol - that triggers a stack-based buffer overflow in the device firmware. A proof-of-concept exploit exists (E:P), meaning the specific payload format and target service have already been identified and demonstrated. …
Remediation The primary remediation is to apply the firmware update issued by NETGEAR for each affected Orbi model. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-62655 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy