FKIE_CVE-2026-0404

Vulnerability from fkie_nvd - Published: 2026-01-13 16:16 - Updated: 2026-02-12 17:36
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
References
a2826606-91e7-4eb6-899e-8484bd4575d5https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-AdvisoryPatch, Vendor Advisory
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbr750Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbr840Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbr850Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbr860Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbre950Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbre960Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbs750Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbs840Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbs850Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbs860Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbse950Patch, Product
a2826606-91e7-4eb6-899e-8484bd4575d5https://www.netgear.com/support/product/rbse960Patch, Product
Impacted products
Vendor Product Version
netgear rbr750_firmware *
netgear rbr750 -
netgear rbr840_firmware *
netgear rbr840 -
netgear rbr850_firmware *
netgear rbr850 -
netgear rbr860_firmware *
netgear rbr860 -
netgear rbs750_firmware *
netgear rbs750 -
netgear rbs840_firmware *
netgear rbs840 -
netgear rbs850_firmware *
netgear rbs850 -
netgear rbs860_firmware *
netgear rbs860 -
netgear rbre950_firmware *
netgear rbre950 -
netgear rbre960_firmware *
netgear rbre960 -
netgear rbse950_firmware *
netgear rbse950 -
netgear rbse960_firmware *
netgear rbse960 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D73C133-BD68-4532-B267-61796ECB1A07",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C13F5C69-FA9B-472A-9036-0C2967BDCDE9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C730F75-337C-44C5-9DE7-E532D7C3C8BC",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4489CB05-A1C0-408C-8D8C-56EE98CA20E8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E5B3B94-CC3D-4CFC-9FE2-9EF5CEBD4B1A",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92E4C8E-222A-476C-8273-F7171FC61F0B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbr860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "659D5BE0-C045-48FD-9214-B35D408AF0BA",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbr860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "928FC2C1-4D05-495B-ACD8-1D013EB18EE6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0821D003-6E44-46DB-B3D1-2CA553483036",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B529194C-C440-4BC3-850F-0613FC548F86",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19A26FE-6D83-45F3-A852-FCD9F6E9F3D4",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84AEA27B-8BEA-4E83-819A-FDAC1881928F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79468E3C-C58C-4076-BB85-4C331BCC300C",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "221CA950-E984-44CD-9E1B-3AADE3CEBE52",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbs860_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8CED97-AA9C-4655-B521-319021F1F9DB",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbs860:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6630553-D726-4524-8BD2-3EE839DE6676",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbre950_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EA0CCC-1FAD-47D3-B70E-1991AE30C12E",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbre950:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "848E7D41-EB61-4AB3-9AED-8E35281DB464",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbre960_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22E56DA-E0B9-4A24-B818-F7919B8CDB5C",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbre960:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "314FF95E-5A0C-4A6B-B8D6-28546F2C1A12",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbse950_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E26EAB17-7904-4325-A21D-43B807F7DB56",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbse950:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A3F32B-B05E-42C6-969A-0F4DD5B7942E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netgear:rbse960_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19048F97-E226-4287-A206-9006F7B91E21",
              "versionEndExcluding": "7.2.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netgear:rbse960:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "419AF785-61C6-4911-A170-6A06D7991948",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An insufficient input validation vulnerability in NETGEAR Orbi devices\u0027 \nDHCPv6 functionality\u00a0allows network adjacent attackers authenticated \nover\u00a0WiFi or on LAN\u00a0to execute OS command injections on the router. \nDHCPv6 is not enabled by default."
    }
  ],
  "id": "CVE-2026-0404",
  "lastModified": "2026-02-12T17:36:09.760",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NO",
          "Recovery": "USER",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "ADJACENT",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "AMBER",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "DIFFUSE",
          "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-13T16:16:10.343",
  "references": [
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbr750"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbr840"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbr850"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbr860"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbre950"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbre960"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbs750"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbs840"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbs850"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbs860"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbse950"
    },
    {
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://www.netgear.com/support/product/rbse960"
    }
  ],
  "sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "a2826606-91e7-4eb6-899e-8484bd4575d5",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.