CVE-2026-0404

EPSS 0.75%
Veröffentlicht 13.01.2026 16:16:10
Zuletzt bearbeitet 14.01.2026 16:26:00
Quelle a2826606-91e7-4eb6-899e-8484bd
CVE-Watchlists
Login
Unerledigt
Login

An insufficient input validation vulnerability in NETGEAR Orbi devices' 
DHCPv6 functionality allows network adjacent attackers authenticated 
over WiFi or on LAN to execute OS command injections on the router. 
DHCPv6 is not enabled by default.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 16

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerNETGEAR

≫

Produkt RBRE960

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBSE960

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBR850

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBS850

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBR860

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBS860

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBRE950

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBSE950

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBR750

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBS750

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBR840

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

HerstellerNETGEAR

≫

Produkt RBS840

Default Statusunaffected

Version < v7.2.8.5

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.75%	0.727

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
a2826606-91e7-4eb6-899e-8484bd4575d5	4.8	0	0	CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.netgear.com/support/product/rbr750

https://www.netgear.com/support/product/rbr850

https://www.netgear.com/support/product/rbr860

https://www.netgear.com/support/product/rbre960

https://www.netgear.com/support/product/rbs750

https://www.netgear.com/support/product/rbs850

https://www.netgear.com/support/product/rbs860

https://www.netgear.com/support/product/rbse960

https://www.netgear.com/support/product/rbr840

https://www.netgear.com/support/product/rbre950

https://www.netgear.com/support/product/rbs840

https://www.netgear.com/support/product/rbse950

https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-0404

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-0404

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-0404

EUVD