CVE-2026-0408
Last modified
CVE-2026-0408 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.
Metrics
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Ex2800 Firmware | < 1.0.1.82 |
| Netgear | Ex3110 Firmware | < 1.0.1.82 |
| Netgear | Ex5000 Firmware | < 1.0.1.82 |
| Netgear | Ex6110 Firmware | < 1.0.1.82 |
References
- https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory (Patch, Vendor Advisory)
- https://www.netgear.com/support/product/ex2800 (Patch, Product)
- https://www.netgear.com/support/product/ex3110 (Patch, Product)
- https://www.netgear.com/support/product/ex5000 (Patch, Product)
- https://www.netgear.com/support/product/ex6110 (Patch, Product)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
