CVE Catalog

CVE-2026-0409

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

A security issue in NETGEAR Orbi 370 series devices that could allow an attacker to intercept and tamper with traffic between the router and the Internet. This could enable the attacker to run commands on the device when the device administrator performs certain specific management actions.

Risk Assessment

The risk to the organization is the potential for unauthorized remote command execution, which could lead to device and network compromise.

Recommendation

It is recommended to update NETGEAR Orbi 370 series devices to version V12.1.2.7 or later to mitigate this vulnerability.

Original NVD description (English source)

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS