Skip to main content

Orbi 370

1 CVEs product

Monthly

CVE-2026-0409 MEDIUM PATCH This Month

Remote command execution in NETGEAR Orbi 370 series routers (firmware before V12.1.2.7) is achievable by a network-positioned adversary who can intercept and tamper with traffic between the device and the internet. Exploitation requires the device administrator to perform specific management actions while the attacker holds a man-in-the-middle position, at which point a buffer overflow (CWE-119) is triggered allowing arbitrary command execution on the device. No public exploit exists at time of analysis and the vendor has released a patching firmware (V12.1.2.7); no KEV listing has been issued by CISA.

Netgear Buffer Overflow Orbi 370
NVD VulDB
CVSS 4.0
4.8
EPSS
0.1%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Remote command execution in NETGEAR Orbi 370 series routers (firmware before V12.1.2.7) is achievable by a network-positioned adversary who can intercept and tamper with traffic between the device and the internet. Exploitation requires the device administrator to perform specific management actions while the attacker holds a man-in-the-middle position, at which point a buffer overflow (CWE-119) is triggered allowing arbitrary command execution on the device. No public exploit exists at time of analysis and the vendor has released a patching firmware (V12.1.2.7); no KEV listing has been issued by CISA.

Netgear Buffer Overflow Orbi 370
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy