Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent-only vector (AV:A), no auth or interaction needed, pure availability crash with no confidentiality or integrity impact.
Primary rating from Vendor (NETGEAR).
CVSS VectorVendor: NETGEAR
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A security flaw was found in certain NETGEAR Orbi models that could allow an unauthorized user to cause the device to stop responding or restart unexpectedly, disrupting network connectivity and making the device temporarily unavailable.
AnalysisAI
Stack-based buffer overflow in multiple NETGEAR Orbi mesh WiFi models (RBR860, RBRE950/960, RBE970/971, RBS860, RBSE950/960) enables an unauthenticated adjacent-network attacker to crash or force a restart of the affected device, causing a loss of network connectivity. The root cause is CWE-121 (stack-based buffer overflow), meaning a crafted network payload can overwrite stack memory and destabilize the device process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must be present on the same adjacent network as the Orbi device - either connected to the same Wi-Fi SSID (including guest network if enabled), the wired LAN, or a directly bridged network segment. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H) reflects a purely availability-impacting DoS with no confidentiality or integrity loss, constrained to adjacent-network attackers. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker connected to the same Wi-Fi network or wired LAN segment as an unpatched NETGEAR Orbi router sends a specially crafted network request - likely targeting a management service or Orbi backhaul protocol - that triggers a stack-based buffer overflow in the device firmware. A proof-of-concept exploit exists (E:P), meaning the specific payload format and target service have already been identified and demonstrated. … |
| Remediation | The primary remediation is to apply the firmware update issued by NETGEAR for each affected Orbi model. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Denial-of-service via out-of-bounds write in NETGEAR Orbi mesh router and satellite firmware allows unauthenticated, adj
Insufficient input validation across multiple NETGEAR Orbi mesh router models (RBR/RBS/RBE series) permits authenticated
Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administra
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44327
GHSA-9pqr-xmfw-fwj3