CVE-2026-0408
6.1
Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:AmberShow more
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:AmberShow less
Source: a2826606-91e7-4eb6-899e-8484bd4575d5 (Secondary)
Description
A path traversal vulnerability in NETGEAR WiFi range extenders allows
an attacker with LAN authentication to access the router's IP and
review the contents of the dynamically generated webproc file, which
records the username and password submitted to the router GUI.
Affected (4)
Products: Netgear: Ex2800 Firmware, Ex3110 Firmware, Ex5000 Firmware, Ex6110 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.1.82 |
| Running on/with | Platform Versions |
|---|---|
Netgear Ex2800 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.1.82 |
| Running on/with | Platform Versions |
|---|---|
Netgear Ex3110 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.1.82 |
| Running on/with | Platform Versions |
|---|---|
Netgear Ex5000 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.1.82 |
| Running on/with | Platform Versions |
|---|---|
Netgear Ex6110 | All versions |
References (5)
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Vendor AdvisoryPatch
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
ProductPatch
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
ProductPatch
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
ProductPatch
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
ProductPatch
Timeline
No history available yet.