{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-0404","assignerOrgId":"a2826606-91e7-4eb6-899e-8484bd4575d5","state":"PUBLISHED","assignerShortName":"NETGEAR","dateReserved":"2025-12-03T04:16:10.186Z","datePublished":"2026-01-13T16:01:14.944Z","dateUpdated":"2026-02-26T15:04:43.482Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"RBRE960","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBSE960","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBR850","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBS850","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBR860","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBS860","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBRE950","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBSE950","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBR750","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBS750","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBR840","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"RBS840","vendor":"NETGEAR","versions":[{"lessThan":"v7.2.8.5","status":"affected","version":"0","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbre960:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbse960:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbr850:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbs850:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbr860:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbs860:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbre950:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbse950:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbr750:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbs750:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbr840:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:rbs840:*:*:*:*:*:*:*:*","versionEndExcluding":"v7.2.8.5","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Hyunseok Yun"}],"datePublic":"2026-01-13T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

An insufficient input validation vulnerability in NETGEAR Orbi devices' \nDHCPv6 functionality allows network adjacent attackers authenticated \nover WiFi or on LAN to execute OS command injections on the router. \nDHCPv6 is not enabled by default.

"}],"value":"An insufficient input validation vulnerability in NETGEAR Orbi devices' \nDHCPv6 functionality allows network adjacent attackers authenticated \nover WiFi or on LAN to execute OS command injections on the router. \nDHCPv6 is not enabled by default."}],"impacts":[{"capecId":"CAPEC-88","descriptions":[{"lang":"en","value":"CAPEC-88 OS Command Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"ADJACENT","baseScore":4.8,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a2826606-91e7-4eb6-899e-8484bd4575d5","shortName":"NETGEAR","dateUpdated":"2026-01-13T16:22:30.971Z"},"references":[{"tags":["patch","product"],"url":"https://www.netgear.com/support/product/rbre960"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbse960"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbr850"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbs850"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbr860"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbs860"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbre950"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbse950"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbr750"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbs750"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbr840"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/rbs840"},{"tags":["vendor-advisory"],"url":"https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

Devices with automatic updates enabled may already have this patch \napplied. If not, please check the firmware version and update it to the \nlatest.

\n\n

Fixed in:

\n\n

RBR750 firmware v7.2.8.5 or later
RBR840 firmware v7.2.8.5 or later
RBR850 firmware v7.2.8.5 or later
RBR860 firmware v7.2.8.5 or later
RBS750 firmware v7.2.8.5 or later
RBS840 firmware v7.2.8.5 or later
RBS850 firmware v7.2.8.5 or later
RBS860 firmware v7.2.8.5 or later
RBRE950 firmware v7.2.8.5 or later
RBRE960 firmware v7.2.8.5 or later
RBSE950 firmware v7.2.8.5 or later
RBSE960 firmware v7.2.8.5 or later

"}],"value":"Devices with automatic updates enabled may already have this patch \napplied. If not, please check the firmware version and update it to the \nlatest.\n\n\n\nFixed in:\n\n\n\n\n\nRBR750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr750 \nRBR840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr840 \nRBR850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr850 \nRBR860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr860 \nRBS750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs750 \nRBS840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs840 \nRBS850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs850 \nRBS860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs860 \nRBRE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre950 \nRBRE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre960 \nRBSE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse950 \nRBSE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse960"}],"source":{"discovery":"EXTERNAL"},"title":"Insufficient input validation in NETGEAR Orbi routers","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2026-0404","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-01-14T04:57:22.559440Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T15:04:43.482Z"}}]}}