Security Flaw in NETGEAR Orbi 370 Series Devices Exposes Users to Remote Command Execution
CVE-2026-0409

4.8MEDIUM

Key Information:

Vendor: Netgear
Status: Orbi 370
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-0409?

A security flaw in NETGEAR Orbi 370 series devices allows attackers with the ability to intercept and manipulate traffic between the router and the Internet to execute unauthorized commands on the device. This vulnerability primarily arises when the device administrator performs specific management tasks, making it critical for users to update their firmware to V12.1.2.7 or later to mitigate potential risks.

Affected Version(s)

Orbi 370 0

References

https://www.netgear.com/support/product/rbe372/

productpatch

https://kb.netgear.com/000070811/June-2026-NETGEAR-Securi...

vendor-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
Dec 3, 2025

Credit

ChinaNuke

CVE-2026-0409 Data

JSON

Netgear

What is CVE-2026-0409?

Affected Version(s)

References

CVSS V4

Timeline

Credit