A DoS vulnerability due to stack overflow exists in certain NETGEAR Orbi models
Summary
| CVE | CVE-2026-62655 |
|---|---|
| State | PUBLISHED |
| Assigner | NETGEAR |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-14 18:18:47 UTC |
| Updated | 2026-07-14 18:18:47 UTC |
| Description | A security flaw was found in certain NETGEAR Orbi models that could allow an unauthorized user to cause the device to stop responding or restart unexpectedly, disrupting network connectivity and making the device temporarily unavailable. |
Risk And Classification
Primary CVSS: v4.0 5.7 MEDIUM from a2826606-91e7-4eb6-899e-8484bd4575d5
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-121 | CWE-121 CWE-121 Stack-based buffer overflow
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | a2826606-91e7-4eb6-899e-8484bd4575d5 | Secondary | 5.7 | MEDIUM | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/C... |
| 4.0 | CNA | CVSS | 5.7 | MEDIUM | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P |
CVSS v4.0 Breakdown
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | NETGEAR | RBR860 | affected V7.2.7.15 custom | Not specified |
| CNA | NETGEAR | RBRE950 | affected v7.2.7.15 custom | Not specified |
| CNA | NETGEAR | RBRE960 | affected V7.2.7.15 custom | Not specified |
| CNA | NETGEAR | RBE970 | affected V9.10.1.4 custom | Not specified |
| CNA | NETGEAR | RBE971 | affected V9.10.1.4 custom | Not specified |
| CNA | NETGEAR | RBS860 | affected V7.2.7.15 custom | Not specified |
| CNA | NETGEAR | RBSE950 | affected v7.2.7.15 custom | Not specified |
| CNA | NETGEAR | RBSE960 | affected V7.2.7.15 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.netgear.com/support/product/rbre950 | a2826606-91e7-4eb6-899e-8484bd4575d5 | www.netgear.com | |
| www.netgear.com/support/product/rbr860 | a2826606-91e7-4eb6-899e-8484bd4575d5 | www.netgear.com | |
| www.netgear.com/support/product/rbse960 | a2826606-91e7-4eb6-899e-8484bd4575d5 | www.netgear.com | |
| www.netgear.com/support/product/rbs860 | a2826606-91e7-4eb6-899e-8484bd4575d5 | www.netgear.com | |
| www.netgear.com/support/product/rbre960 | a2826606-91e7-4eb6-899e-8484bd4575d5 | www.netgear.com | |
| www.netgear.com/support/product/rbse950 | a2826606-91e7-4eb6-899e-8484bd4575d5 | www.netgear.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: fxc233 (en)
Additional Advisory Data
Solutions
CNA: Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: ProductFixed VersionRBE970 Orbi Quad-band Mesh WiFi 7 Add-on Satellite V9.10.1.4 https://www.netgear.com/support/product/rbe970/ RBE971 Orbi Quad-band Mesh WiFi 7 Router V9.10.1.4 https://www.netgear.com/support/product/rbe971/ RBR860 Orbi Tri-band Mesh WiFi 6 Router – 860 Series V7.2.7.15 https://www.netgear.com/support/product/rbr860/ RBRE950 Orbi Quad-band Mesh WiFi 6E Router v7.2.7.15 https://www.netgear.com/support/product/rbre950/ RBRE960 Orbi Quad-band Mesh WiFi 6E Router V7.2.7.15 https://www.netgear.com/support/product/rbre960/ RBS860 Orbi Tri-band Mesh WiFi 6 Add-on Satellite – 860 Series V7.2.7.15 https://www.netgear.com/support/product/rbs860/ RBSE950 Orbi Quad-band Mesh WiFi 6E Add-on Satellite v7.2.7.15 https://www.netgear.com/support/product/rbse950/ RBSE960 Orbi Quad-band Mesh WiFi 6E Add-on Satellite V7.2.7.15 https://www.netgear.com/support/product/rbse960/