CVE-2026-0403 — HIGH (8.0) — White Hats Nepal

Q: What is CVE-2026-0403?

CVE-2026-0403 is a vulnerability with a CVSS score of 8.0 (HIGH). An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

Q: How severe is CVE-2026-0403?

CVE-2026-0403 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-0403?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rbe971 Firmware, Netgear Rbe971, Netgear Rbe970 Firmware, Netgear Rbe970, Netgear Rbr750 Firmware.

Vulnerability Description

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Rbe971 Firmware	< 9.10.0.2
Netgear	Rbe971	-
Netgear	Rbe970 Firmware	< 9.10.0.2
Netgear	Rbe970	-
Netgear	Rbr750 Firmware	< 7.2.8.5
Netgear	Rbr750	-
Netgear	Rbr850 Firmware	< 7.2.8.5
Netgear	Rbr850	-
Netgear	Rbr860 Firmware	< 7.2.8.5
Netgear	Rbr860	-
Netgear	Rbs750 Firmware	< 7.2.8.5
Netgear	Rbs750	-
Netgear	Rbs850 Firmware	< 7.2.8.5
Netgear	Rbs850	-
Netgear	Rbs860 Firmware	< 7.2.8.5
Netgear	Rbs860	-
Netgear	Rbre960 Firmware	< 7.2.8.5
Netgear	Rbre960	-
Netgear	Rbse960 Firmware	< 7.2.8.5
Netgear	Rbse960	-

Related Weaknesses (CWE)

CWE-20

References

https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-AdvisoryPatchVendor Advisory
https://www.netgear.com/support/product/rbe970PatchProduct
https://www.netgear.com/support/product/rbe971PatchProduct
https://www.netgear.com/support/product/rbr750PatchProduct
https://www.netgear.com/support/product/rbr850PatchProduct
https://www.netgear.com/support/product/rbr860PatchProduct
https://www.netgear.com/support/product/rbre960PatchProduct
https://www.netgear.com/support/product/rbs750PatchProduct
https://www.netgear.com/support/product/rbs850PatchProduct
https://www.netgear.com/support/product/rbs860PatchProduct
https://www.netgear.com/support/product/rbse960PatchProduct

FAQ

What is CVE-2026-0403?

CVE-2026-0403 is a vulnerability with a CVSS score of 8.0 (HIGH). An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.

How severe is CVE-2026-0403?

CVE-2026-0403 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-0403?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rbe971 Firmware, Netgear Rbe971, Netgear Rbe970 Firmware, Netgear Rbe970, Netgear Rbr750 Firmware.