CVE-2026-0404

Published: Jan 13, 2026Modified: Feb 12, 2026

4.8

Vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber

CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:AmberShow less

Source: a2826606-91e7-4eb6-899e-8484bd4575d5 (Secondary)

Description

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.

Affected (12)

Products: Netgear: Rbr750 Firmware, Rbr840 Firmware, Rbr850 Firmware, Rbr860 Firmware, Rbs750 Firmware, Rbs840 Firmware, Rbs850 Firmware, Rbs860 Firmware, Rbre950 Firmware, Rbre960 Firmware, Rbse950 Firmware, Rbse960 Firmware

12 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbr750 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbr750	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbr840 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbr840	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbr850 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbr850	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbr860 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbr860	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs750 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbs750	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs840 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbs840	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs850 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbs850	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbs860 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbs860	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbre950 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbre950	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbre960 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbre960	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbse950 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbse950	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rbse960 Firmware	Before 7.2.8.5

Running on/with	Platform Versions
Netgear Rbse960	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.