{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0404", "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "state": "PUBLISHED", "assignerShortName": "NETGEAR", "dateReserved": "2025-12-03T04:16:10.186Z", "datePublished": "2026-01-13T16:01:14.944Z", "dateUpdated": "2026-01-13T16:25:13.184Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "RBRE960", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBSE960", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBR850", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBS850", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBR860", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBS860", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBRE950", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBSE950", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBR750", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBS750", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBR840", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "RBS840", "vendor": "NETGEAR", "versions": [{"lessThan": "v7.2.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbre960:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbse960:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr850:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs850:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr860:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs860:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbre950:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbse950:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr750:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs750:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr840:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs840:*:*:*:*:*:*:*:*", "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Hyunseok Yun"}], "datePublic": "2026-01-13T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An insufficient input validation vulnerability in NETGEAR Orbi devices' \nDHCPv6 functionality&nbsp;allows network adjacent attackers authenticated \nover&nbsp;WiFi or on LAN&nbsp;to execute OS command injections on the router. \nDHCPv6 is not enabled by default.</p><p></p>"}], "value": "An insufficient input validation vulnerability in NETGEAR Orbi devices' \nDHCPv6 functionality\u00a0allows network adjacent attackers authenticated \nover\u00a0WiFi or on LAN\u00a0to execute OS command injections on the router. \nDHCPv6 is not enabled by default."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 4.8, "baseSeverity": "MEDIUM", "exploitMaturity": "UNREPORTED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "shortName": "NETGEAR", "dateUpdated": "2026-01-13T16:22:30.971Z"}, "references": [{"tags": ["patch", "product"], "url": "https://www.netgear.com/support/product/rbre960"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbse960"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbr850"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbs850"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbr860"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbs860"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbre950"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbse950"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbr750"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbs750"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbr840"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/rbs840"}, {"tags": ["vendor-advisory"], "url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Devices with automatic updates enabled may already have this patch \napplied. If not, please check the firmware version and update it to the \nlatest.</p>\n\n<p>Fixed in:</p>\n\n<p></p><p><span>RBR750</span><a href=\"https://www.netgear.com/support/product/rbr750\"> firmware v7.2.8.5 or later</a><br><span>RBR840 </span><a href=\"https://www.netgear.com/support/product/rbr840\">firmware v7.2.8.5 or later</a><br><span>RBR850 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbr850\">firmware v7.2.8.5 or later</a><br><span>RBR860 </span><a href=\"https://www.netgear.com/support/product/rbr860\">firmware v7.2.8.5 or later</a><br><span>RBS750 </span><a href=\"https://www.netgear.com/support/product/rbs750\">firmware v7.2.8.5 or later</a><br><span>RBS840 </span><a href=\"https://www.netgear.com/support/product/rbs840\">firmware v7.2.8.5 or later</a><br><span>RBS850 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbs850\">firmware v7.2.8.5 or later</a><br><span>RBS860 </span><a href=\"https://www.netgear.com/support/product/rbs860\">firmware v7.2.8.5 or later</a><br><span>RBRE950</span><a href=\"https://www.netgear.com/support/product/rbre950\"> firmware v7.2.8.5 or later</a><br><span>RBRE960 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbre960\">firmware v7.2.8.5 or later</a><br><span>RBSE950 </span><a href=\"https://www.netgear.com/support/product/rbse950\">firmware v7.2.8.5 or later</a><br><span>RBSE960 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbse960\">firmware v7.2.8.5 or later</a></p><p></p>"}], "value": "Devices with automatic updates enabled may already have this patch \napplied. If not, please check the firmware version and update it to the \nlatest.\n\n\n\nFixed in:\n\n\n\n\n\nRBR750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr750 \nRBR840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr840 \nRBR850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr850 \nRBR860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr860 \nRBS750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs750 \nRBS840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs840 \nRBS850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs850 \nRBS860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs860 \nRBRE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre950 \nRBRE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre960 \nRBSE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse950 \nRBSE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse960"}], "source": {"discovery": "EXTERNAL"}, "title": "Insufficient input validation in NETGEAR Orbi routers", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T16:24:39.262353Z", "id": "CVE-2026-0404", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T16:25:13.184Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0404", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-13T16:24:39.262353Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T16:25:05.607Z"}}], "cna": {"title": "Insufficient input validation in NETGEAR Orbi routers", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Hyunseok Yun"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 4.8, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NETGEAR", "product": "RBRE960", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBSE960", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBR850", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBS850", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBR860", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBS860", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBRE950", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBSE950", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBR750", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBS750", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBR840", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "RBS840", "versions": [{"status": "affected", "version": "0", "lessThan": "v7.2.8.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Devices with automatic updates enabled may already have this patch \napplied. If not, please check the firmware version and update it to the \nlatest.\n\n\n\nFixed in:\n\n\n\n\n\nRBR750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr750 \nRBR840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr840 \nRBR850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr850 \nRBR860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr860 \nRBS750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs750 \nRBS840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs840 \nRBS850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs850 \nRBS860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs860 \nRBRE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre950 \nRBRE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre960 \nRBSE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse950 \nRBSE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse960", "supportingMedia": [{"type": "text/html", "value": "<p>Devices with automatic updates enabled may already have this patch \napplied. If not, please check the firmware version and update it to the \nlatest.</p>\n\n<p>Fixed in:</p>\n\n<p></p><p><span>RBR750</span><a href=\"https://www.netgear.com/support/product/rbr750\"> firmware v7.2.8.5 or later</a><br><span>RBR840 </span><a href=\"https://www.netgear.com/support/product/rbr840\">firmware v7.2.8.5 or later</a><br><span>RBR850 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbr850\">firmware v7.2.8.5 or later</a><br><span>RBR860 </span><a href=\"https://www.netgear.com/support/product/rbr860\">firmware v7.2.8.5 or later</a><br><span>RBS750 </span><a href=\"https://www.netgear.com/support/product/rbs750\">firmware v7.2.8.5 or later</a><br><span>RBS840 </span><a href=\"https://www.netgear.com/support/product/rbs840\">firmware v7.2.8.5 or later</a><br><span>RBS850 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbs850\">firmware v7.2.8.5 or later</a><br><span>RBS860 </span><a href=\"https://www.netgear.com/support/product/rbs860\">firmware v7.2.8.5 or later</a><br><span>RBRE950</span><a href=\"https://www.netgear.com/support/product/rbre950\"> firmware v7.2.8.5 or later</a><br><span>RBRE960 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbre960\">firmware v7.2.8.5 or later</a><br><span>RBSE950 </span><a href=\"https://www.netgear.com/support/product/rbse950\">firmware v7.2.8.5 or later</a><br><span>RBSE960 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/rbse960\">firmware v7.2.8.5 or later</a></p><p></p>", "base64": false}]}], "datePublic": "2026-01-13T16:00:00.000Z", "references": [{"url": "https://www.netgear.com/support/product/rbre960", "tags": ["patch", "product"]}, {"url": "https://www.netgear.com/support/product/rbse960", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbr850", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbs850", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbr860", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbs860", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbre950", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbse950", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbr750", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbs750", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbr840", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/rbs840", "tags": ["product", "patch"]}, {"url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "An insufficient input validation vulnerability in NETGEAR Orbi devices' \nDHCPv6 functionality\u00a0allows network adjacent attackers authenticated \nover\u00a0WiFi or on LAN\u00a0to execute OS command injections on the router. \nDHCPv6 is not enabled by default.", "supportingMedia": [{"type": "text/html", "value": "<p>An insufficient input validation vulnerability in NETGEAR Orbi devices' \nDHCPv6 functionality&nbsp;allows network adjacent attackers authenticated \nover&nbsp;WiFi or on LAN&nbsp;to execute OS command injections on the router. \nDHCPv6 is not enabled by default.</p><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbre960:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbse960:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr850:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs850:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr860:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs860:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbre950:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbse950:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr750:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs750:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbr840:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rbs840:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v7.2.8.5", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "shortName": "NETGEAR", "dateUpdated": "2026-01-13T16:22:30.971Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0404", "state": "PUBLISHED", "dateUpdated": "2026-01-13T16:25:13.184Z", "dateReserved": "2025-12-03T04:16:10.186Z", "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "datePublished": "2026-01-13T16:01:14.944Z", "assignerShortName": "NETGEAR"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An insufficient input validation vulnerability in NETGEAR Orbi devices' \nDHCPv6 functionality\u00a0allows network adjacent attackers authenticated \nover\u00a0WiFi or on LAN\u00a0to execute OS command injections on the router. \nDHCPv6 is not enabled by default."}], "id": "CVE-2026-0404", "lastModified": "2026-01-13T17:15:59.653", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}, "published": "2026-01-13T16:16:10.343", "references": [{"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbr750"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbr840"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbr850"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbr860"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbre950"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbre960"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbs750"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbs840"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbs850"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbs860"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbse950"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/rbse960"}], "sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}

{}

{}