CVE-2026-3088 (GCVE-0-2026-3088)

Vulnerability from cvelistv5 – Published: 2026-06-09 15:50 – Updated: 2026-06-10 18:10
VLAI?
Title
Unauthenticated users can disrupt router operation
Summary
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.
CWE
Assigner
Impacted products
Vendor Product Version
NETGEAR RBR860 Affected: V6.3.7.10 , < V7.2.7.15 (custom)
Create a notification for this product.
    NETGEAR RBRE950 Affected: 0 , < v7.2.7.15 (custom)
Create a notification for this product.
    NETGEAR RBRE960 Affected: V6.3.7.10 , < V7.2.7.15 (custom)
Create a notification for this product.
    NETGEAR RBE970 Affected: V6.3.7.10 , < V9.10.1.4 (custom)
Create a notification for this product.
    NETGEAR RBE971 Affected: V6.3.7.10 , < V9.10.1.4 (custom)
Create a notification for this product.
    NETGEAR RBS860 Affected: 0 , < V7.2.7.15 (custom)
Create a notification for this product.
    NETGEAR RBSE950 Affected: 0 , < v7.2.7.15 (custom)
Create a notification for this product.
    NETGEAR RBSE960 Affected: 0 , < V7.2.7.15 (custom)
Create a notification for this product.
Credits
fxc233
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3088",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T17:34:47.190713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T18:39:56.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "RBR860",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V7.2.7.15",
              "status": "affected",
              "version": "V6.3.7.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBRE950",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "v7.2.7.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBRE960",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V7.2.7.15",
              "status": "affected",
              "version": "V6.3.7.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBE970",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V9.10.1.4",
              "status": "affected",
              "version": "V6.3.7.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBE971",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V9.10.1.4",
              "status": "affected",
              "version": "V6.3.7.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBS860",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V7.2.7.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBSE950",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "v7.2.7.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "RBSE960",
          "vendor": "NETGEAR",
          "versions": [
            {
              "lessThan": "V7.2.7.15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "fxc233"
        }
      ],
      "datePublic": "2026-06-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eUnauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.\u003c/div\u003e"
            }
          ],
          "value": "Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "UNREPORTED",
            "privilegesRequired": "NONE",
            "providerUrgency": "AMBER",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/V:D/RE:L/U:Amber",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "LOW"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-10T18:10:51.832Z",
        "orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "shortName": "NETGEAR"
      },
      "references": [
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbr860/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbre950/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbre960/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbs860/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbse960/"
        },
        {
          "tags": [
            "product",
            "patch"
          ],
          "url": "https://www.netgear.com/support/product/rbse950/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.netgear.com/000070811/June-2026-NETGEAR-Security-Advisory"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDevices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\u003c/p\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eProduct\u003c/th\u003e\u003cth\u003eFixed Version\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBE970\u003c/b\u003e Orbi Quad-band Mesh WiFi 7 Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbe970/\"\u003eV9.10.1.4\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBE971\u003c/b\u003e Orbi Quad-band Mesh WiFi 7 Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbe971/\"\u003eV9.10.1.4\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBR860\u003c/b\u003e Orbi Tri-band Mesh WiFi 6 Router \u2013 860 Series\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbr860/\"\u003eV7.2.7.15\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBRE950\u003c/b\u003e Orbi Quad-band Mesh WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbre950/\"\u003ev7.2.7.15\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBRE960\u003c/b\u003e Orbi Quad-band Mesh WiFi 6E Router\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbre960/\"\u003eV7.2.7.15\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBS860\u003c/b\u003e Orbi Tri-band Mesh WiFi 6 Add-on Satellite \u2013 860 Series\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbs860/\"\u003eV7.2.7.15\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBSE950\u003c/b\u003e Orbi Quad-band Mesh WiFi 6E Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbse950/\"\u003ev7.2.7.15\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRBSE960\u003c/b\u003e Orbi Quad-band Mesh WiFi 6E Add-on Satellite\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://www.netgear.com/support/product/rbse960/\"\u003eV7.2.7.15\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
            }
          ],
          "value": "Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in:\n\nProductFixed VersionRBE970 Orbi Quad-band Mesh WiFi 7 Add-on Satellite V9.10.1.4 https://www.netgear.com/support/product/rbe970/ RBE971 Orbi Quad-band Mesh WiFi 7 Router V9.10.1.4 https://www.netgear.com/support/product/rbe971/ RBR860 Orbi Tri-band Mesh WiFi 6 Router \u2013 860 Series V7.2.7.15 https://www.netgear.com/support/product/rbr860/ RBRE950 Orbi Quad-band Mesh WiFi 6E Router v7.2.7.15 https://www.netgear.com/support/product/rbre950/ RBRE960 Orbi Quad-band Mesh WiFi 6E Router V7.2.7.15 https://www.netgear.com/support/product/rbre960/ RBS860 Orbi Tri-band Mesh WiFi 6 Add-on Satellite \u2013 860 Series V7.2.7.15 https://www.netgear.com/support/product/rbs860/ RBSE950 Orbi Quad-band Mesh WiFi 6E Add-on Satellite v7.2.7.15 https://www.netgear.com/support/product/rbse950/ RBSE960 Orbi Quad-band Mesh WiFi 6E Add-on Satellite V7.2.7.15 https://www.netgear.com/support/product/rbse960/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Unauthenticated users can disrupt router operation",
      "x_generator": {
        "engine": "Vulnogram 1.0.3"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5",
    "assignerShortName": "NETGEAR",
    "cveId": "CVE-2026-3088",
    "datePublished": "2026-06-09T15:50:47.289Z",
    "dateReserved": "2026-02-24T00:11:29.678Z",
    "dateUpdated": "2026-06-10T18:10:51.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…