NETGEAR Orbi Devices DHCPv6 Command Injection Vulnerability

Vulnerability

A vulnerability allowing OS command injection has been identified in NETGEAR Orbi devices, specifically within the DHCPv6 functionality. This issue arises from insufficient input validation, which allows network-adjacent attackers authenticated over WiFi or on the local area network to execute arbitrary commands on the router. It's important to note that DHCPv6 is not enabled by default on these devices.

Impact

Exploitation of this vulnerability allows for OS command injection on the affected router.

Remediation

Users can manually check their device's firmware version and update it to the latest version. Instructions for downloading the latest firmware are available on the NETGEAR support website.

Added: Jan 13, 2026, 4:28 PM
Updated: Jan 13, 2026, 5:47 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 2.0
threat: 0.0
urgency: 5.7
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.