CVE-2026-0409 | THREATINT

Description

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.

PUBLISHED Reserved 2025-12-03 | Published 2026-06-09 | Updated 2026-06-10 | Assigner NETGEAR

MEDIUM: 4.8CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

Problem types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status

unaffected

Any version before V12.1.2.7

affected

Credits

ChinaNuke finder

References

www.netgear.com/support/product/rbe372/ product patch

kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory vendor-advisory

cve.org (CVE-2026-0409)

nvd.nist.gov (CVE-2026-0409)

Download JSON