Skip to main content

Rbs850

3 CVEs product

Monthly

CVE-2026-0415 MEDIUM PATCH This Month

Insufficient input validation across multiple NETGEAR Orbi mesh router models (RBR/RBS/RBE series) permits authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their intended privilege scope. Affected are all firmware versions prior to V7.2.8.5 on most Orbi models and prior to V9.12.4.9 on the RBE97x series. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; NETGEAR self-reported and has released patched firmware addressing the flaw.

Authentication Bypass Netgear Rbe97X Rbr750 Rbr840 +10
NVD VulDB
CVSS 4.0
4.3
EPSS
0.1%
CVE-2026-0413 MEDIUM PATCH This Month

Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administrators with local network access to submit malformed buffer input that bypasses validation and triggers unauthorized modification of router software and functionality. The attack surface is significantly constrained by the requirement for both administrative credentials (PR:H) and adjacent network positioning (AV:A), limiting realistic exposure to insider threats or scenarios where an attacker has already compromised admin credentials within the LAN. No public exploit identified at time of analysis, SSVC confirms exploitation status as none, and vendor-released patches are available across all affected model lines.

Netgear Stack Overflow Buffer Overflow Rbe37X Rbe77X +12
NVD VulDB
CVSS 4.0
4.3
EPSS
0.0%
CVE-2026-0418 MEDIUM PATCH This Month

System integrity tampering across a broad portfolio of NETGEAR home and small-business networking devices allows authenticated administrators on the local network to manipulate device configuration beyond intended boundaries, classified under CWE-15 (External Control of System or Configuration Setting). The CVSS 4.0 vector (AV:A/PR:H/VI:H) confirms that exploitation is constrained to adjacent network access with high-privilege credentials, yet the integrity impact on the vulnerable system is rated High. No public exploit code exists (SSVC: Exploitation none; CVSS E:U), and NETGEAR has released firmware patches for all affected product lines.

Information Disclosure Cbr750 Ex6120 Ex6130 Mr60 +31
NVD VulDB
CVSS 4.0
4.3
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Insufficient input validation across multiple NETGEAR Orbi mesh router models (RBR/RBS/RBE series) permits authenticated administrators on the local network to make unauthorized modifications to router software and functionality beyond their intended privilege scope. Affected are all firmware versions prior to V7.2.8.5 on most Orbi models and prior to V9.12.4.9 on the RBE97x series. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; NETGEAR self-reported and has released patched firmware addressing the flaw.

Authentication Bypass Netgear Rbe97X +12
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Stack-based buffer overflow in NETGEAR Orbi mesh router firmware (RBE, RBR, RBS series) enables authenticated administrators with local network access to submit malformed buffer input that bypasses validation and triggers unauthorized modification of router software and functionality. The attack surface is significantly constrained by the requirement for both administrative credentials (PR:H) and adjacent network positioning (AV:A), limiting realistic exposure to insider threats or scenarios where an attacker has already compromised admin credentials within the LAN. No public exploit identified at time of analysis, SSVC confirms exploitation status as none, and vendor-released patches are available across all affected model lines.

Netgear Stack Overflow Buffer Overflow +14
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

System integrity tampering across a broad portfolio of NETGEAR home and small-business networking devices allows authenticated administrators on the local network to manipulate device configuration beyond intended boundaries, classified under CWE-15 (External Control of System or Configuration Setting). The CVSS 4.0 vector (AV:A/PR:H/VI:H) confirms that exploitation is constrained to adjacent network access with high-privilege credentials, yet the integrity impact on the vulnerable system is rated High. No public exploit code exists (SSVC: Exploitation none; CVSS E:U), and NETGEAR has released firmware patches for all affected product lines.

Information Disclosure Cbr750 Ex6120 +33
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy