CVE-2026-62655
A security flaw was found in certain NETGEAR Orbi models that could allow an unauthorized user to cause the device to stop responding or res
CVSS
—
No CVSS
EPSS
0.2%
p11
KEV
—
Exploit Today
3
0-100
Published: Jul 14, 2026 · Last modified: Jul 15, 2026 · CWE-121
0.2%EPSS · 30 days0.2%
2026-07-152026-07-17
A security flaw was found in certain NETGEAR Orbi models that could allow an unauthorized user to cause the device to stop responding or restart unexpectedly, disrupting network connectivity and making the device temporarily unavailable.
- kb.netgear.comhttps://kb.netgear.com/000070859/July-2026-NETGEAR-Security-Advisory
- www.netgear.comhttps://www.netgear.com/support/product/rbr860/
- www.netgear.comhttps://www.netgear.com/support/product/rbre950/
- www.netgear.comhttps://www.netgear.com/support/product/rbre960/
- www.netgear.comhttps://www.netgear.com/support/product/rbs860/
- www.netgear.comhttps://www.netgear.com/support/product/rbse950/
- www.netgear.comhttps://www.netgear.com/support/product/rbse960/
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-510878.6 HIG94.0%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.13dCVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.13dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.13dCVE-2021-271378.1 HIG91.8%
——28An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP (which is off by default, and only listens on internal interfaces by default). This occurs in ssdp_msearch (reachable by an M-SEARCH request).16hCVE-2025-606908.8 HIG89.1%
——27A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.13dCVE-2026-248818.1 HIG75.3%
——23In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.3d