CVE-2026-0411
An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are af...
Affects 0 products across 1 vendor.
Application reveals restricted data such as system internals, credentials, or user data to unauthorized actors.
CVE-2026-0411 is an information disclosure vulnerability affecting NETGEAR Orbi mesh WiFi systems that include satellite devices, where a network-connected user can leverage exposed information to gain administrator-level access to the Orbi router. An attacker with local network access could escalate privileges to full router administration, enabling traffic interception, DNS manipulation, or lateral movement. In OT environments where Orbi devices are used for operational network connectivity, this represents a significant risk of unauthorized access to industrial network infrastructure.
Is this CVE in your environment?
BreachSpider monitors your ICS/OT environment for vulnerabilities like this one. No agents or network access required. Free to start.
Check My Environment →What is CVE-2026-0411?
Is CVE-2026-0411 actively exploited?
How do I remediate CVE-2026-0411?
What systems are affected by CVE-2026-0411?
| CVE ID | CVE-2026-0411 |
|---|---|
| Published | 2026-06-09 |
| Last Modified | 2026-06-09 |
| ICS Relevance | 85% |
| Weakness (CWE) | |
| Source | NVD |
An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue.
Source: NIST NVD / MITRE CVE Database
| Vendor | Product | Fixed Version |
|---|---|---|
| Netgear | — | — |
Fixed Version: Unknown - consult NETGEAR security advisory for model-specific firmware versions
NETGEAR firmware update expected to remediate improper information exposure in the satellite-to-router communication or management interface that allows privilege escalation to administrator access. Orbi systems operating without satellite devices are confirmed unaffected.
View Vendor Advisory →| CISA KEV | Not in KEV catalog |
|---|---|
| Public Exploit | Not confirmed |
| PoC Code | Not confirmed |
Deploy IDS rules at the internal network perimeter and on any switch spanning ports that carry Orbi satellite-to-router management traffic. Block or rate-limit HTTP/HTTPS access to the Orbi router admin interface (typically port 80/443 on the router's LAN IP) from all untrusted hosts. Enforce VLAN segmentation so Orbi devices are isolated from OT/industrial network segments. Enable alerting on any admin panel access from non-whitelisted source IPs.
No reliable network detection signature exists for this vulnerability class — apply the compensating controls above and the vendor patch. SAGE only publishes a network rule when a concrete on-the-wire signature can be grounded in the advisory.
Virtual patch generated by CITED Relevance SAGE. Validate in isolated environment before production deployment. Compensating control only - does not replace vendor patch.
ICS/OT Vulnerability Intelligence for Your Environment
BreachSpider monitors 353,228 CVEs across ICS/OT vendors. SAGE-enriched alerts with virtual patches, NERC-CIP mapping, and PSIRT contacts delivered to your SIEM in minutes.
Join free →