CVE-2026-0409
MediumCVSS 6.4Exploitation Probability (EPSS)
Low risk17th percentile - higher than 17% of all known CVEs
Summary
A security issue in NETGEAR Orbi 370 series devices that could allow an attacker to intercept and tamper with traffic between the router and the Internet. This could enable the attacker to run commands on the device when the device administrator performs certain specific management actions.
Risk Assessment
The risk to the organization is the potential for unauthorized remote command execution, which could lead to device and network compromise.
Recommendation
It is recommended to update NETGEAR Orbi 370 series devices to version V12.1.2.7 or later to mitigate this vulnerability.
Original NVD description (English source)
A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.

