8
CVE-2026-0404
- EPSS 0.18%
- Veröffentlicht 13.01.2026 16:16:10
- Zuletzt bearbeitet 12.02.2026 17:36:09
- Quelle a2826606-91e7-4eb6-899e-8484bd
- CVE-Watchlists
- Unerledigt
Insufficient input validation in NETGEAR Orbi routers
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Rbr750 Firmware Version < 7.2.8.5
Netgear ≫ Rbr840 Firmware Version < 7.2.8.5
Netgear ≫ Rbr850 Firmware Version < 7.2.8.5
Netgear ≫ Rbr860 Firmware Version < 7.2.8.5
Netgear ≫ Rbs750 Firmware Version < 7.2.8.5
Netgear ≫ Rbs840 Firmware Version < 7.2.8.5
Netgear ≫ Rbs850 Firmware Version < 7.2.8.5
Netgear ≫ Rbs860 Firmware Version < 7.2.8.5
Netgear ≫ Rbre950 Firmware Version < 7.2.8.5
Netgear ≫ Rbre960 Firmware Version < 7.2.8.5
Netgear ≫ Rbse950 Firmware Version < 7.2.8.5
Netgear ≫ Rbse960 Firmware Version < 7.2.8.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.39 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.8 | 0 | 0 |
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.