34
CVEs
1
Critical
10
High
0
KEV
5
PoC
5
Unpatched C/H
61.8%
Patch Rate
5.5%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
10
MEDIUM
22
LOW
1
Monthly CVE Trend
Affected Products (30)
Rbr850 Firmware
148
Rbs850 Firmware
146
Rbk852 Firmware
142
Rbr750 Firmware
128
Rbs750 Firmware
127
Rbk752 Firmware
120
R7000P Firmware
98
R9000 Firmware
93
R7800 Firmware
92
R8900 Firmware
90
D7800 Firmware
84
Xr500 Firmware
83
Xr700 Firmware
71
Rbk50 Firmware
70
R7000 Firmware
70
Rbr50 Firmware
69
Rax120 Firmware
69
Rbs50 Firmware
68
Rax80 Firmware
60
R8000 Firmware
59
Rax75 Firmware
57
Rbr20 Firmware
57
Rbs20 Firmware
56
R6900P Firmware
55
Rbk40 Firmware
55
Rbs40 Firmware
53
R6700 Firmware
53
Rbr40 Firmware
52
Rbk20 Firmware
51
Xr300 Firmware
51
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2013-10061 | An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.1%. | HIGH | 8.6 | 73.1% | 151 |
PoC
No patch
|
| CVE-2013-10060 | An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.0%. | CRITICAL | 9.4 | 61.0% | 143 |
PoC
No patch
|
| CVE-2013-10063 | A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 47.8%. | MEDIUM | 6.9 | 47.8% | 102 |
PoC
No patch
|
| CVE-2022-40619 | FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH] | HIGH | 7.7 | 0.8% | 59 |
PoC
No patch
|
| CVE-2022-40620 | FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH] | HIGH | 7.7 | 0.1% | 59 |
PoC
No patch
|
| CVE-2026-0404 | Authenticated attackers on the same network can execute arbitrary OS commands on NETGEAR Orbi routers (RBS860, RBR850, RBSE950) through improper validation of DHCPv6 input. The vulnerability requires local or WiFi network access but no user interaction, giving attackers full system compromise capabilities on affected devices. A patch is available for this high-severity flaw. | HIGH | 8.0 | 0.1% | 40 |
|
| CVE-2026-0403 | NETGEAR Orbi routers (RBS850, RBE970, RBS750) are vulnerable to OS command injection through inadequate input validation, enabling attackers on the local network to execute arbitrary commands with elevated privileges. The vulnerability requires LAN access and low privileges but provides complete system compromise through high-impact code execution capabilities. A patch is available for affected firmware versions. | HIGH | 8.0 | 0.1% | 40 |
|
| CVE-2026-0407 | NETGEAR WiFi extenders (Ex3110, Ex6110, Ex5000, Ex2800) contain an authentication bypass vulnerability that allows network-adjacent attackers with WiFi access or physical Ethernet connectivity to gain unauthorized admin panel access. An attacker can exploit insufficient authentication validation to fully compromise the device's confidentiality, integrity, and availability. A patch is available for affected firmware versions. | HIGH | 8.0 | 0.1% | 40 |
|
| CVE-2026-0408 | NETGEAR WiFi extenders (Ex5000, Ex6110, Ex2800, Ex3110) with improper path traversal validation allow authenticated LAN users to access the webproc configuration file and extract stored router credentials. An attacker with local network access can leverage this to obtain administrative credentials for further network compromise. A patch is available. | HIGH | 8.0 | 0.1% | 40 |
|
| CVE-2026-0406 | NETGEAR XR1000v2 routers are vulnerable to OS command injection through inadequate input validation, enabling attackers with LAN access to execute arbitrary commands with elevated privileges. The vulnerability affects authenticated users on the local network and could allow complete router compromise including data interception and network manipulation. A patch is available. | HIGH | 8.0 | 0.0% | 40 |
|
| CVE-2026-0405 | Unauthenticated administrative access in NETGEAR Orbi routers (CBR750, NBR750, RBE370, RBE371) allows local network attackers to bypass authentication and gain full admin control of the web interface. This high-severity vulnerability (CVSS 7.8) impacts all users on networks connected to affected devices, enabling attackers to modify router settings, potentially compromising network security and connected devices. A patch is available. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-24714 | End-of-service Netgear devices with TelnetEnable functionality can have telnet service remotely activated via specially crafted magic packets, enabling unauthenticated remote access to the device. An attacker on the network can exploit this to gain command-line access without credentials, potentially leading to device compromise and lateral movement. No patch is available for affected products. | HIGH | 7.5 | 0.1% | 38 |
No patch
|
| CVE-2026-9213 | Remote code execution affects NETGEAR gaming routers (XR1000, MR70, MS70, RAXE500) when an attacker holds an on-path man-in-the-middle position between the device and the internet. The CVSS 4.0 vector (AV:N/AC:H/AT:P/PR:N/UI:N) confirms no privileges are needed on the target device but requires both high attack complexity and a specific network prerequisite - the ability to intercept and tamper with upstream traffic. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog. | MEDIUM | 6.9 | 0.2% | 35 |
|
| CVE-2026-15757 | A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the | MEDIUM | 6.3 | 0.2% | 32 |
No patch
|
| CVE-2026-62655 | Stack-based buffer overflow in multiple NETGEAR Orbi mesh WiFi models (RBR860, RBRE950/960, RBE970/971, RBS860, RBSE950/960) enables an unauthenticated adjacent-network attacker to crash or force a restart of the affected device, causing a loss of network connectivity. The root cause is CWE-121 (stack-based buffer overflow), meaning a crafted network payload can overwrite stack memory and destabilize the device process. The CVSS 4.0 supplemental metric E:P indicates a proof-of-concept exploit exists, elevating practical risk despite the moderate base score of 5.7. | MEDIUM | 5.7 | 0.2% | 29 |
|