CVE-2026-0403

CWE-20 — Improper Input Validation3 documents3 sources

Severity

1.1LOW

EPSS

0.1%

top 76.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Rbe970 Netgear Rbe971 Netgear Rbr850 +17 more

Timeline

PublishedJan 13

Description

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages20 packages

▶CVEListV5netgear/rbe970< v9.10.0.2

▶CVEListV5netgear/rbe971< v9.10.0.2

▶CVEListV5netgear/rbr850< V7.2.8.5

▶CVEListV5netgear/rbr860< v7.2.8.5

▶CVEListV5netgear/rbs850< V7.2.8.5

Patches

Patch: kb.netgear.com ↗Patch: www.netgear.com ↗Patch: www.netgear.com ↗

🔴Vulnerability Details

CVEList

Insufficient input validation in NETGEAR Orbi routers↗2026-01-13

▶

GHSA

GHSA-52xc-q9g5-mc6m: An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections↗2026-01-13

▶