Skip to main content

Rbre950

4 CVEs product

Monthly

CVE-2026-62655 MEDIUM PATCH This Month

Stack-based buffer overflow in multiple NETGEAR Orbi mesh WiFi models (RBR860, RBRE950/960, RBE970/971, RBS860, RBSE950/960) enables an unauthenticated adjacent-network attacker to crash or force a restart of the affected device, causing a loss of network connectivity. The root cause is CWE-121 (stack-based buffer overflow), meaning a crafted network payload can overwrite stack memory and destabilize the device process. The CVSS 4.0 supplemental metric E:P indicates a proof-of-concept exploit exists, elevating practical risk despite the moderate base score of 5.7.

Buffer Overflow Stack Overflow Netgear Rbr860 Rbre950 +6
NVD
CVSS 4.0
5.7
EPSS
0.2%
CVE-2026-0415 MEDIUM PATCH This Month

Insufficient input validation across multiple NETGEAR Orbi mesh router models (RBR/RBS/RBE series) permits authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their intended privilege scope. Affected are all firmware versions prior to V7.2.8.5 on most Orbi models and prior to V9.12.4.9 on the RBE97x series. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; NETGEAR self-reported and has released patched firmware addressing the flaw.

Authentication Bypass Netgear Rbe97X Rbr750 Rbr840 +10
NVD VulDB
CVSS 4.0
4.3
EPSS
0.1%
CVE-2026-0413 MEDIUM PATCH This Month

Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administrators with local network access to submit malformed buffer input that bypasses validation and triggers unauthorized modification of router software and functionality. The attack surface is significantly constrained by the requirement for both administrative credentials (PR:H) and adjacent network positioning (AV:A), limiting realistic exposure to insider threats or scenarios where an attacker has already compromised admin credentials within the LAN. No public exploit identified at time of analysis, SSVC confirms exploitation status as none, and vendor-released patches are available across all affected model lines.

Netgear Stack Overflow Buffer Overflow Rbe37X Rbe77X +12
NVD VulDB
CVSS 4.0
4.3
EPSS
0.0%
CVE-2026-3088 MEDIUM PATCH This Month

Denial-of-service via out-of-bounds write in NETGEAR Orbi mesh router and satellite firmware allows unauthenticated, adjacent-network attackers to render affected devices unavailable by sending specially crafted requests. The vulnerability affects multiple Orbi 860/950/960/970/971-series devices across a broad firmware version range, with fixed builds available per vendor advisory. No public exploit code or active exploitation has been identified at time of analysis (CVSS E:U), though the low attack complexity and absence of any authentication requirement make this straightforward to reproduce for any attacker with local network access.

Memory Corruption Buffer Overflow Rbr860 Rbre950 Rbre960 +5
NVD VulDB
CVSS 4.0
4.9
EPSS
0.0%
EPSS 0% CVSS 5.7
MEDIUM PATCH This Month

Stack-based buffer overflow in multiple NETGEAR Orbi mesh WiFi models (RBR860, RBRE950/960, RBE970/971, RBS860, RBSE950/960) enables an unauthenticated adjacent-network attacker to crash or force a restart of the affected device, causing a loss of network connectivity. The root cause is CWE-121 (stack-based buffer overflow), meaning a crafted network payload can overwrite stack memory and destabilize the device process. The CVSS 4.0 supplemental metric E:P indicates a proof-of-concept exploit exists, elevating practical risk despite the moderate base score of 5.7.

Buffer Overflow Stack Overflow Netgear +8
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient input validation across multiple NETGEAR Orbi mesh router models (RBR/RBS/RBE series) permits authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their intended privilege scope. Affected are all firmware versions prior to V7.2.8.5 on most Orbi models and prior to V9.12.4.9 on the RBE97x series. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; NETGEAR self-reported and has released patched firmware addressing the flaw.

Authentication Bypass Netgear Rbe97X +12
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administrators with local network access to submit malformed buffer input that bypasses validation and triggers unauthorized modification of router software and functionality. The attack surface is significantly constrained by the requirement for both administrative credentials (PR:H) and adjacent network positioning (AV:A), limiting realistic exposure to insider threats or scenarios where an attacker has already compromised admin credentials within the LAN. No public exploit identified at time of analysis, SSVC confirms exploitation status as none, and vendor-released patches are available across all affected model lines.

Netgear Stack Overflow Buffer Overflow +14
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Denial-of-service via out-of-bounds write in NETGEAR Orbi mesh router and satellite firmware allows unauthenticated, adjacent-network attackers to render affected devices unavailable by sending specially crafted requests. The vulnerability affects multiple Orbi 860/950/960/970/971-series devices across a broad firmware version range, with fixed builds available per vendor advisory. No public exploit code or active exploitation has been identified at time of analysis (CVSS E:U), though the low attack complexity and absence of any authentication requirement make this straightforward to reproduce for any attacker with local network access.

Memory Corruption Buffer Overflow Rbr860 +7
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy