CVE-2026-0404 - Vulnerability Details

An insufficient input validation vulnerability in NETGEAR Orbi devices'
DHCPv6 functionality allows network adjacent attackers authenticated
over WiFi or on LAN to execute OS command injections on the router.
DHCPv6 is not enabled by default.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00321.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NETGEAR

RBRE960

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBSE960

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBR850

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBS850

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBR860

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBS860

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBRE950

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBSE950

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBR750

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBS750

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBR840

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

NETGEAR

RBS840

unaffected

Version	Status	Constraints
`0`	affected	< v7.2.8.5

Configuration 1 [-]

AND

cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:rbr860_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr860:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:rbs860_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs860:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:rbre950_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbre950:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:rbre960_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbre960:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:rbse950_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbse950:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netgear:rbse960_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbse960:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Netgear Subscribe	Rbr750 Subscribe Rbr750 Firmware Subscribe Rbr840 Subscribe Rbr840 Firmware Subscribe Rbr850 Subscribe Rbr850 Firmware Subscribe Rbr860 Subscribe Rbr860 Firmware Subscribe Rbre950 Subscribe Rbre950 Firmware Subscribe Rbre960 Subscribe Rbre960 Firmware Subscribe Rbs750 Subscribe Rbs750 Firmware Subscribe Rbs840 Subscribe Rbs840 Firmware Subscribe Rbs850 Subscribe Rbs850 Firmware Subscribe Rbs860 Subscribe Rbs860 Firmware Subscribe Rbse950 Subscribe Rbse950 Firmware Subscribe Rbse960 Subscribe Rbse960 Firmware Subscribe

Advisories

No advisories yet.

Fixes

Solution

Devices with automatic updates enabled may already have this patch applied. If not, please check the firmware version and update it to the latest. Fixed in: RBR750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr750 RBR840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr840 RBR850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr850 RBR860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbr860 RBS750 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs750 RBS840 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs840 RBS850 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs850 RBS860 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbs860 RBRE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre950 RBRE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbre960 RBSE950 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse950 RBSE960 firmware v7.2.8.5 or later https://www.netgear.com/support/product/rbse960

Workaround

No workaround given by the vendor.

References

Link	Providers
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
https://www.netgear.com/support/product/rbr750
https://www.netgear.com/support/product/rbr840
https://www.netgear.com/support/product/rbr850
https://www.netgear.com/support/product/rbr860
https://www.netgear.com/support/product/rbre950
https://www.netgear.com/support/product/rbre960
https://www.netgear.com/support/product/rbs750
https://www.netgear.com/support/product/rbs840
https://www.netgear.com/support/product/rbs850
https://www.netgear.com/support/product/rbs860
https://www.netgear.com/support/product/rbse950
https://www.netgear.com/support/product/rbse960

History

Thu, 12 Feb 2026 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netgear rbr750 Firmware Netgear rbr840 Firmware Netgear rbr850 Firmware Netgear rbr860 Firmware Netgear rbre950 Firmware Netgear rbre960 Firmware Netgear rbs750 Firmware Netgear rbs840 Firmware Netgear rbs850 Firmware Netgear rbs860 Firmware Netgear rbse950 Firmware Netgear rbse960 Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:netgear:rbr750:-:::::::* cpe:2.3:h:netgear:rbr840:-:::::::* cpe:2.3:h:netgear:rbr850:-:::::::* cpe:2.3:h:netgear:rbr860:-:::::::* cpe:2.3:h:netgear:rbre950:-:::::::* cpe:2.3:h:netgear:rbre960:-:::::::* cpe:2.3:h:netgear:rbs750:-:::::::* cpe:2.3:h:netgear:rbs840:-:::::::* cpe:2.3:h:netgear:rbs850:-:::::::* cpe:2.3:h:netgear:rbs860:-:::::::* cpe:2.3:h:netgear:rbse950:-:::::::* cpe:2.3:h:netgear:rbse960:-:::::::* cpe:2.3:o:netgear:rbr750_firmware:::::::: cpe:2.3:o:netgear:rbr840_firmware:::::::: cpe:2.3:o:netgear:rbr850_firmware:::::::: cpe:2.3:o:netgear:rbr860_firmware:::::::: cpe:2.3:o:netgear:rbre950_firmware:::::::: cpe:2.3:o:netgear:rbre960_firmware:::::::: cpe:2.3:o:netgear:rbs750_firmware:::::::: cpe:2.3:o:netgear:rbs840_firmware:::::::: cpe:2.3:o:netgear:rbs850_firmware:::::::: cpe:2.3:o:netgear:rbs860_firmware:::::::: cpe:2.3:o:netgear:rbse950_firmware:::::::: cpe:2.3:o:netgear:rbse960_firmware::::::::
Vendors & Products		Netgear rbr750 Firmware Netgear rbr840 Firmware Netgear rbr850 Firmware Netgear rbr860 Firmware Netgear rbre950 Firmware Netgear rbre960 Firmware Netgear rbs750 Firmware Netgear rbs840 Firmware Netgear rbs850 Firmware Netgear rbs860 Firmware Netgear rbse950 Firmware Netgear rbse960 Firmware
Metrics		cvssV3_1 `{'score': 8.0, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 13 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Jan 2026 16:30:00 +0000

Type	Values Removed	Values Added
References		https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory

Tue, 13 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
Title		Insufficient input validation in NETGEAR Orbi routers
First Time appeared		Netgear Netgear rbr750 Netgear rbr840 Netgear rbr850 Netgear rbr860 Netgear rbre950 Netgear rbre960 Netgear rbs750 Netgear rbs840 Netgear rbs850 Netgear rbs860 Netgear rbse950 Netgear rbse960
Weaknesses		CWE-20
CPEs		cpe:2.3:h:netgear:rbr750:::::::: cpe:2.3:h:netgear:rbr840:::::::: cpe:2.3:h:netgear:rbr850:::::::: cpe:2.3:h:netgear:rbr860:::::::: cpe:2.3:h:netgear:rbre950:::::::: cpe:2.3:h:netgear:rbre960:::::::: cpe:2.3:h:netgear:rbs750:::::::: cpe:2.3:h:netgear:rbs840:::::::: cpe:2.3:h:netgear:rbs850:::::::: cpe:2.3:h:netgear:rbs860:::::::: cpe:2.3:h:netgear:rbse950:::::::: cpe:2.3:h:netgear:rbse960::::::::
Vendors & Products		Netgear Netgear rbr750 Netgear rbr840 Netgear rbr850 Netgear rbr860 Netgear rbre950 Netgear rbre960 Netgear rbs750 Netgear rbs840 Netgear rbs850 Netgear rbs860 Netgear rbse950 Netgear rbse960
References		https://www.netgear.com/support/product/rbr750 https://www.netgear.com/support/product/rbr840 https://www.netgear.com/support/product/rbr850 https://www.netgear.com/support/product/rbr860 https://www.netgear.com/support/product/rbre950 https://www.netgear.com/support/product/rbre960 https://www.netgear.com/support/product/rbs750 https://www.netgear.com/support/product/rbs840 https://www.netgear.com/support/product/rbs850 https://www.netgear.com/support/product/rbs860 https://www.netgear.com/support/product/rbse950 https://www.netgear.com/support/product/rbse960
Metrics		cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published: 2026-01-13T16:01:14.944Z

Updated: 2026-01-14T04:57:21.815Z

Reserved: 2025-12-03T04:16:10.186Z

Link: CVE-2026-0404

Vulnrichment

Updated: 2026-01-13T16:25:05.607Z

NVD

Status : Analyzed

Published: 2026-01-13T16:16:10.343

Modified: 2026-02-12T17:36:09.760

Link: CVE-2026-0404

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object