CVE-2026-0409 MEDIUM

CVE-2026-0409: Netgear Orbi 370 Series Remote Code Execution vulnerability

Vendor Netgear
Product Orbi 370
Weakness CWE-119
Published June 9, 2026
Last update June 10, 2026

CVSS base score

4.8/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

What the vulnerability does

01Description

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.

Key dates

02Disclosure timeline

June 9, 2026 CVE published
June 10, 2026 Record updated