Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
NETGEAR RBE37X unaffected
Version Status Constraints
0 affected < V12.1.2.1
NETGEAR RBE77X unaffected
Version Status Constraints
0 affected < V10.5.20.10
NETGEAR RBR750 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBR840 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBR850 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBR860 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBRE950 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBRE960 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS750 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS840 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS850 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBS860 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBSE950 unaffected
Version Status Constraints
0 affected < V7.2.8.5
NETGEAR RBSE960 unaffected
Version Status Constraints
0 affected < V7.2.8.5

No data.

No data.

No data.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

NETGEAR strongly recommends that you install the latest firmware as soon as possible.  Issue fixed in: ProductFixed VersionRBE37X V12.1.2.1 https://www.netgear.com/support/product/rbe372/ RBE77X V10.5.20.10 https://www.netgear.com/support/product/rbe770/ RBR750 V7.2.8.5 https://www.netgear.com/support/product/rbr750/ RBR840* V7.2.8.5 https://www.netgear.com/support/product/rbr840/ RBR850 V7.2.8.5 https://www.netgear.com/support/product/rbr850/ RBR860 V7.2.8.5 https://www.netgear.com/support/product/rbr860/ RBRE950 V7.2.8.5 https://www.netgear.com/support/product/rbre950/ RBRE960 V7.2.8.5 https://www.netgear.com/support/product/rbre960/ RBS750 V7.2.8.5 https://www.netgear.com/support/product/rbs750/ RBS840* V7.2.8.5 https://www.netgear.com/support/product/rbs840/ RBS850 V7.2.8.5 https://www.netgear.com/support/product/rbs850/ RBS860 V7.2.8.5 https://www.netgear.com/support/product/rbs860/ RBSE950 V7.2.8.5 https://www.netgear.com/support/product/rbse950/ RBSE960 V7.2.8.5 https://www.netgear.com/support/product/rbse960/ * Model has reached its End-of-Support phase and no future security updates are planned. NETGEAR strongly recommends that you retire this device and upgrade to a newer NETGEAR product for continued security support.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.netgear.com/support/product/rbe372/ cve-icon cve-icon
https://www.netgear.com/support/product/rbe770/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr750/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr840/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr850/ cve-icon cve-icon
https://www.netgear.com/support/product/rbr860/ cve-icon cve-icon
https://www.netgear.com/support/product/rbre950/ cve-icon cve-icon
https://www.netgear.com/support/product/rbre960/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs750/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs840/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs850/ cve-icon cve-icon
https://www.netgear.com/support/product/rbs860/ cve-icon cve-icon
https://www.netgear.com/support/product/rbse950/ cve-icon cve-icon
https://www.netgear.com/support/product/rbse960/ cve-icon cve-icon
History

Tue, 09 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality.
Title Buffer overflow vulnerability in certain NETGEAR Nighthawk routers
Weaknesses CWE-121
References
Metrics cvssV4_0

{'score': 4.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published:

Updated: 2026-06-09T17:06:42.150Z

Reserved: 2025-12-03T04:16:20.202Z

Link: CVE-2026-0413

cve-icon Vulnrichment

Updated: 2026-06-09T17:06:13.557Z

cve-icon NVD

Status : Received

Published: 2026-06-09T17:16:58.777

Modified: 2026-06-09T17:16:58.777

Link: CVE-2026-0413

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses