CVE-2026-0403
published 2026-01-13CVE-2026-0403: An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.
low1.1CVSS 4.0
AVAACLATNPRHUINVCNVILVANSCNSINSANEUCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUNRUVDREMUAmber
An insufficient input validation vulnerability in NETGEAR Orbi routers
allows attackers connected to the router's LAN to execute OS command
injections.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | rbe970 | < v9.10.0.2 | v9.10.0.2 |
| netgear | rbe970_firmware | < 9.10.0.2 | 9.10.0.2 |
| netgear | rbe971 | < v9.10.0.2 | v9.10.0.2 |
| netgear | rbe971_firmware | < 9.10.0.2 | 9.10.0.2 |
| netgear | rbr750 | <= 4.6.14.3 | — |
| netgear | rbr750_firmware | < 7.2.8.5 | 7.2.8.5 |
| netgear | rbr850 | < V7.2.8.5 | V7.2.8.5 |
| netgear | rbr850_firmware | < 7.2.8.5 | 7.2.8.5 |
| netgear | rbr860 | < v7.2.8.5 | v7.2.8.5 |
| netgear | rbr860_firmware | < 7.2.8.5 | 7.2.8.5 |
| netgear | rbre960 | < v7.2.7.15 | v7.2.7.15 |
| netgear | rbre960_firmware | < 7.2.8.5 | 7.2.8.5 |
| netgear | rbs750 | <= 4.6.14.3 | — |
| netgear | rbs750_firmware | < 7.2.8.5 | 7.2.8.5 |
| netgear | rbs850 | < V7.2.8.5 | V7.2.8.5 |
| netgear | rbs850_firmware | < 7.2.8.5 | 7.2.8.5 |
| netgear | rbs860 | < v7.2.8.5 | v7.2.8.5 |
| netgear | rbs860_firmware | < 7.2.8.5 | 7.2.8.5 |
| netgear | rbse960 | < v7.2.7.15 | v7.2.7.15 |
| netgear | rbse960_firmware | < 7.2.8.5 | 7.2.8.5 |