Netgear Orbi 370 router <=V12.1.2.7 RCE via traffic tampering
CVE-2026-0409 Published on June 9, 2026
Netgear Orbi 370 Series Remote Code Execution vulnerability
A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.
Weakness Type
What is a Buffer Overflow Vulnerability?
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2026-0409 has been classified to as a Buffer Overflow vulnerability or weakness.
Affected Versions
NETGEAR Orbi 370:- Before V12.1.2.7 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.