{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0409", "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "state": "PUBLISHED", "assignerShortName": "NETGEAR", "dateReserved": "2025-12-03T04:16:16.081Z", "datePublished": "2026-06-09T15:39:09.050Z", "dateUpdated": "2026-06-09T15:39:09.050Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "shortName": "NETGEAR", "dateUpdated": "2026-06-09T15:39:09.050Z"}, "title": "Netgear Orbi 370 Series Remote Code Execution vulnerability", "datePublic": "2026-06-09T00:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "affected": [{"vendor": "NETGEAR", "product": "Orbi 370", "versions": [{"status": "affected", "version": "0", "lessThan": "V12.1.2.7", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A\u00a0NETGEAR\u00a0security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions.\u00a0This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A&nbsp;NETGEAR&nbsp;security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions.&nbsp;<span>This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.</span>"}]}], "references": [{"url": "https://www.netgear.com/support/product/rbe372/", "tags": ["product", "patch"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "UNREPORTED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "MEDIUM", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U"}}], "solutions": [{"lang": "en", "value": "NETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.\n\n\n\nIssue fixed in:\n\nProductFixed VersionNETGEAR Orbi 370 series (RBE370, RBE371, RBE372, RBE374)\u00a0 V12.1.2.7 https://www.netgear.com/support/product/rbe372/", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>NETGEAR strongly recommends that you install the\nlatest firmware as soon as possible.</p><p>Issue fixed in:</p><table><thead><tr><th>Product</th><th>Fixed Version</th></tr></thead><tbody><tr><td>NETGEAR Orbi 370 series (RBE370, RBE371, RBE372, RBE374)&nbsp;</td><td><a href=\"https://www.netgear.com/support/product/rbe372/\">V12.1.2.7</a></td></tr></tbody></table>"}]}], "credits": [{"lang": "en", "value": "ChinaNuke", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.3"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A\u00a0NETGEAR\u00a0security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions.\u00a0This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7."}], "id": "CVE-2026-0409", "lastModified": "2026-06-09T17:16:58.060", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}, "published": "2026-06-09T17:16:58.060", "references": [{"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbe372/"}], "sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}

{}

{"created": "2026-06-09T18:00:12.924002+00:00", "updated": "2026-06-09T18:00:12.924022+00:00", "vendors": []}