NETGEAR Orbi January 2026 Security Update Guide

If you own a NETGEAR Orbi system, the practical response to this advisory is to verify the exact model, check the installed firmware, and confirm whether a manual update is required on your setup.

The short version

NETGEAR’s January 13, 2026 security advisory says:

• one affected issue, CVE-2026-0404, is a Medium severity vulnerability
• it affects specific Orbi model families
• the vulnerable path is in DHCPv6 functionality
• the attack requires a network-adjacent attacker already authenticated over Wi-Fi or on LAN
• DHCPv6 is not enabled by default
• the listed Orbi models are fixed in firmware v7.2.8.5 or later

For most owners, that points to a firmware-verification and update task, not proof that the router is already compromised. It is still a real update job.

What NETGEAR actually said

In the January 2026 advisory, NETGEAR says the DHCPv6 issue can let an authenticated adjacent attacker execute OS command injections on the router.

The same advisory also gives two important qualifiers:

1. the issue is rated Medium
2. DHCPv6 is not enabled by default

Those qualifiers reduce the default exposure described in the advisory. They do not remove the need to update if you are on an affected model and older firmware.

The Orbi models this guide is about

For CVE-2026-0404, NETGEAR lists these model families as fixed in v7.2.8.5 or later:

• 750 series: RBR750 and RBS750
• 840 series: RBR840 and RBS840
• 850 series: RBR850 and RBS850
• 860 series: RBR860 and RBS860
• 950 series: RBRE950 and RBSE950
• 960 series: RBRE960 and RBSE960

The January advisory includes other NETGEAR products and other vulnerabilities too. This article is scoped specifically to the Orbi group tied to the v7.2.8.5 fix path.

How to check your firmware version

NETGEAR’s support steps are simple:

1. connect a computer or mobile device to your Orbi network
2. open orbilogin.com
3. sign in to the router admin page
4. look for the router firmware version in the upper-right corner

If your system includes satellites, use Advanced > Administration > Firmware Update to review the versions there too.

The March 2026 manual-update caveat

This is the part some owners can miss.

On March 5, 2026, NETGEAR published a separate advisory saying the following WiFi 6 Orbi routers can be unable to auto-update if they are on firmware 4.6.X.X or older:

• RBR750
• RBR840
• RBR850

NETGEAR says those systems must be manually upgraded to the most recent firmware.

So if you own one of those models and your firmware is still on the 4.6 branch, do not assume automatic updates already protected you.

How to update safely if you need the manual path

NETGEAR’s manual-update instructions include several details worth following exactly:

• use a wired Ethernet connection, not Wi-Fi, for manual upload
• update satellites first, then the router
• if you have more than one satellite, update one at a time
• do not update the router and satellite at the same time

NETGEAR explicitly warns that a wireless firmware upload can corrupt the router’s firmware. The satellite-first sequence is there to reduce the risk of pairing problems after the update.

What to do with your result

If your affected Orbi model is already on v7.2.8.5 or later, you are on NETGEAR’s fixed version for this issue.

If your model is below that version:

1. update it promptly
2. verify the router and satellites all finish on the expected version
3. leave automatic updates enabled if you use that feature on a supported model

If you are on RBR750, RBR840, or RBR850 and still on 4.6.X.X or older, treat the March manual-update advisory as part of the job, not an optional extra.

What not to misunderstand

This advisory does not mean:

• every Orbi router is affected
• a default configuration automatically exposes the issue
• your router is definitely compromised
• checking only the router version is enough if satellites are behind

It does mean that firmware hygiene matters, and that a few affected Orbi owners may need to go past auto-update and do the manual sequence correctly.

Sources and further reading

• NETGEAR: January 2026 security advisory
• NETGEAR: Orbi 750, 840, and 850 auto-update issue advisory
• NETGEAR: How to check the firmware version of your Orbi router
• NETGEAR: Manual Orbi firmware upgrade instructions
• Related: Home Router Security Checklist and Router Buying Checklist

Frequently asked questions

If DHCPv6 is not enabled by default, can I ignore the update?

No. That detail lowers the default exposure, but NETGEAR still says affected devices should be updated because the vulnerability remains if you do not complete the recommended steps.

If I am already on v7.2.8.5 or later, am I done?

For the specific Orbi models and vulnerability covered here, that is NETGEAR's fixed version baseline. You should still keep router and satellite firmware aligned and leave updates enabled when available.

Why does NETGEAR tell some owners to update satellites first?

NETGEAR says updating satellites before the router helps ensure the router can still find and connect to the satellites after the upgrade.

Last updated May 27, 2026. This article summarizes current NETGEAR support advisories and update instructions, not incident-response advice. Re-check the live NETGEAR support pages before publication because firmware versions and support notes can change. See our editorial policy for methodology and corrections.