Skip to main content

Rbe97X

3 CVEs product

Monthly

CVE-2026-0411 MEDIUM PATCH This Month

Information disclosure in NETGEAR Orbi satellite devices (RBR350, RBR760, RBS350, RBS760, RBE97x) allows a low-privileged user on the same network to obtain administrator access to the Orbi router. The flaw resides specifically in the satellite-to-router communication layer, as NETGEAR explicitly confirms Orbi systems deployed without satellites are unaffected. No public exploit exists (CVSS E:U) and CISA SSVC rates exploitation as none, but the high secondary impact scores (SC:H/SI:H/SA:H) reflect that successful exploitation yields full router compromise.

Information Disclosure Netgear Rbe97X Rbr350 Rbr760 +2
NVD VulDB
CVSS 4.0
4.2
EPSS
0.0%
CVE-2026-0415 MEDIUM PATCH This Month

Insufficient input validation across multiple NETGEAR Orbi mesh router models (RBR/RBS/RBE series) permits authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their intended privilege scope. Affected are all firmware versions prior to V7.2.8.5 on most Orbi models and prior to V9.12.4.9 on the RBE97x series. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; NETGEAR self-reported and has released patched firmware addressing the flaw.

Authentication Bypass Netgear Rbe97X Rbr750 Rbr840 +10
NVD VulDB
CVSS 4.0
4.3
EPSS
0.1%
CVE-2026-0414 MEDIUM PATCH This Month

Code injection in NETGEAR RBE97x routers (firmware prior to V9.12.4.9) enables authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their sanctioned scope. The vulnerability stems from insufficient input validation (CWE-94), where administrator-supplied input is not properly sanitized before being processed, potentially allowing execution of injected code. No public exploit exists and CISA SSVC classifies exploitation status as 'none', making this a low-urgency but valid integrity risk for environments where shared or compromised admin accounts are a concern.

Code Injection Netgear RCE Rbe97X
NVD VulDB
CVSS 4.0
4.3
EPSS
0.0%
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Information disclosure in NETGEAR Orbi satellite devices (RBR350, RBR760, RBS350, RBS760, RBE97x) allows a low-privileged user on the same network to obtain administrator access to the Orbi router. The flaw resides specifically in the satellite-to-router communication layer, as NETGEAR explicitly confirms Orbi systems deployed without satellites are unaffected. No public exploit exists (CVSS E:U) and CISA SSVC rates exploitation as none, but the high secondary impact scores (SC:H/SI:H/SA:H) reflect that successful exploitation yields full router compromise.

Information Disclosure Netgear Rbe97X +4
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient input validation across multiple NETGEAR Orbi mesh router models (RBR/RBS/RBE series) permits authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their intended privilege scope. Affected are all firmware versions prior to V7.2.8.5 on most Orbi models and prior to V9.12.4.9 on the RBE97x series. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; NETGEAR self-reported and has released patched firmware addressing the flaw.

Authentication Bypass Netgear Rbe97X +12
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Code injection in NETGEAR RBE97x routers (firmware prior to V9.12.4.9) enables authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their sanctioned scope. The vulnerability stems from insufficient input validation (CWE-94), where administrator-supplied input is not properly sanitized before being processed, potentially allowing execution of injected code. No public exploit exists and CISA SSVC classifies exploitation status as 'none', making this a low-urgency but valid integrity risk for environments where shared or compromised admin accounts are a concern.

Code Injection Netgear RCE +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy