{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-0408","assignerOrgId":"a2826606-91e7-4eb6-899e-8484bd4575d5","state":"PUBLISHED","assignerShortName":"NETGEAR","dateReserved":"2025-12-03T04:16:14.964Z","datePublished":"2026-01-13T16:01:11.201Z","dateUpdated":"2026-02-26T15:04:43.819Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"EX5000","vendor":"NETGEAR","versions":[{"lessThan":"v1.0.1.82","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"EX3110","vendor":"NETGEAR","versions":[{"lessThan":"v1.0.1.82","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"EX6110","vendor":"NETGEAR","versions":[{"lessThan":"v1.0.1.82","status":"affected","version":"0","versionType":"custom"}]},{"defaultStatus":"unaffected","product":"EX2800","vendor":"NETGEAR","versions":[{"lessThan":"v1.0.1.82","status":"affected","version":"0","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:ex5000:*:*:*:*:*:*:*:*","versionEndExcluding":"v1.0.1.82","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:ex3110:*:*:*:*:*:*:*:*","versionEndExcluding":"v1.0.1.82","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:ex6110:*:*:*:*:*:*:*:*","versionEndExcluding":"v1.0.1.82","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"},{"cpeMatch":[{"criteria":"cpe:2.3:h:netgear:ex2800:*:*:*:*:*:*:*:*","versionEndExcluding":"v1.0.1.82","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"chiphazard"}],"datePublic":"2026-01-13T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router's IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI.&nbsp;</p>"}],"value":"A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router's IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI."}],"impacts":[{"capecId":"CAPEC-115","descriptions":[{"lang":"en","value":"CAPEC-115 Authentication Bypass"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":6.1,"baseSeverity":"MEDIUM","exploitMaturity":"UNREPORTED","privilegesRequired":"LOW","providerUrgency":"AMBER","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-287","description":"CWE-287 Improper Authentication","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a2826606-91e7-4eb6-899e-8484bd4575d5","shortName":"NETGEAR","dateUpdated":"2026-01-13T16:22:13.288Z"},"references":[{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/ex5000"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/ex3110"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/ex6110"},{"tags":["product","patch"],"url":"https://www.netgear.com/support/product/ex2800"},{"tags":["vendor-advisory"],"url":"https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Manually check the firmware version and update it to the latest.</p><p></p>\n\n<p>Fixed in:</p><p><span>EX2800&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex2800\">firmware V1.0.1.82 or later</a><br><span>EX3110&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex3110\">firmware V1.0.1.82 or later</a><br><span>EX5000 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex5000\">firmware V1.0.1.82 or later</a><br><span>EX6110&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex6110\">firmware V1.0.1.82 or later</a></p>"}],"value":"Manually check the firmware version and update it to the latest.\n\n\n\n\n\nFixed in:\n\nEX2800  firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex2800 \nEX3110  firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex3110 \nEX5000  firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex5000 \nEX6110  firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex6110"}],"source":{"discovery":"EXTERNAL"},"title":"Path traversal vulnerability in Netgear WiFi Range Extenders","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2026-0408","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-01-14T04:57:23.537468Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T15:04:43.819Z"}}]}}