Skip to main content

Netgear

Vendor security scorecard – 34 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 96
34
CVEs
1
Critical
10
High
0
KEV
5
PoC
5
Unpatched C/H
61.8%
Patch Rate
5.5%
Avg EPSS

Severity Breakdown

CRITICAL
1
HIGH
10
MEDIUM
22
LOW
1

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2013-10061 An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.1%. HIGH 8.6 73.1% 151
PoC No patch
CVE-2013-10060 An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 61.0%. CRITICAL 9.4 61.0% 143
PoC No patch
CVE-2013-10063 A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 47.8%. MEDIUM 6.9 47.8% 102
PoC No patch
CVE-2022-40619 FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. [CVSS 7.7 HIGH] HIGH 7.7 0.8% 59
PoC No patch
CVE-2022-40620 FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. [CVSS 7.7 HIGH] HIGH 7.7 0.1% 59
PoC No patch
CVE-2026-0404 Authenticated attackers on the same network can execute arbitrary OS commands on NETGEAR Orbi routers (RBS860, RBR850, RBSE950) through improper validation of DHCPv6 input. The vulnerability requires local or WiFi network access but no user interaction, giving attackers full system compromise capabilities on affected devices. A patch is available for this high-severity flaw. HIGH 8.0 0.1% 40
CVE-2026-0403 NETGEAR Orbi routers (RBS850, RBE970, RBS750) are vulnerable to OS command injection through inadequate input validation, enabling attackers on the local network to execute arbitrary commands with elevated privileges. The vulnerability requires LAN access and low privileges but provides complete system compromise through high-impact code execution capabilities. A patch is available for affected firmware versions. HIGH 8.0 0.1% 40
CVE-2026-0407 NETGEAR WiFi extenders (Ex3110, Ex6110, Ex5000, Ex2800) contain an authentication bypass vulnerability that allows network-adjacent attackers with WiFi access or physical Ethernet connectivity to gain unauthorized admin panel access. An attacker can exploit insufficient authentication validation to fully compromise the device's confidentiality, integrity, and availability. A patch is available for affected firmware versions. HIGH 8.0 0.1% 40
CVE-2026-0408 NETGEAR WiFi extenders (Ex5000, Ex6110, Ex2800, Ex3110) with improper path traversal validation allow authenticated LAN users to access the webproc configuration file and extract stored router credentials. An attacker with local network access can leverage this to obtain administrative credentials for further network compromise. A patch is available. HIGH 8.0 0.1% 40
CVE-2026-0406 NETGEAR XR1000v2 routers are vulnerable to OS command injection through inadequate input validation, enabling attackers with LAN access to execute arbitrary commands with elevated privileges. The vulnerability affects authenticated users on the local network and could allow complete router compromise including data interception and network manipulation. A patch is available. HIGH 8.0 0.0% 40
CVE-2026-0405 Unauthenticated administrative access in NETGEAR Orbi routers (CBR750, NBR750, RBE370, RBE371) allows local network attackers to bypass authentication and gain full admin control of the web interface. This high-severity vulnerability (CVSS 7.8) impacts all users on networks connected to affected devices, enabling attackers to modify router settings, potentially compromising network security and connected devices. A patch is available. HIGH 7.8 0.0% 39
CVE-2026-24714 End-of-service Netgear devices with TelnetEnable functionality can have telnet service remotely activated via specially crafted magic packets, enabling unauthenticated remote access to the device. An attacker on the network can exploit this to gain command-line access without credentials, potentially leading to device compromise and lateral movement. No patch is available for affected products. HIGH 7.5 0.1% 38
No patch
CVE-2026-9213 Remote code execution affects NETGEAR gaming routers (XR1000, MR70, MS70, RAXE500) when an attacker holds an on-path man-in-the-middle position between the device and the internet. The CVSS 4.0 vector (AV:N/AC:H/AT:P/PR:N/UI:N) confirms no privileges are needed on the target device but requires both high attack complexity and a specific network prerequisite - the ability to intercept and tamper with upstream traffic. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog. MEDIUM 6.9 0.2% 35
CVE-2026-15757 A security flaw was discovered in the NETGEAR DGND3700v1 that could allow someone on the same local WiFi network to send unauthorized commands to the MEDIUM 6.3 0.2% 32
No patch
CVE-2026-62655 Stack-based buffer overflow in multiple NETGEAR Orbi mesh WiFi models (RBR860, RBRE950/960, RBE970/971, RBS860, RBSE950/960) enables an unauthenticated adjacent-network attacker to crash or force a restart of the affected device, causing a loss of network connectivity. The root cause is CWE-121 (stack-based buffer overflow), meaning a crafted network payload can overwrite stack memory and destabilize the device process. The CVSS 4.0 supplemental metric E:P indicates a proof-of-concept exploit exists, elevating practical risk despite the moderate base score of 5.7. MEDIUM 5.7 0.2% 29

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy