CVE-2026-0404 — HIGH (8.0) — White Hats Nepal

Q: How severe is CVE-2026-0404?

CVE-2026-0404 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-0404?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rbr750 Firmware, Netgear Rbr750, Netgear Rbr840 Firmware, Netgear Rbr840, Netgear Rbr850 Firmware.

Vulnerability Description

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Rbr750 Firmware	< 7.2.8.5
Netgear	Rbr750	-
Netgear	Rbr840 Firmware	< 7.2.8.5
Netgear	Rbr840	-
Netgear	Rbr850 Firmware	< 7.2.8.5
Netgear	Rbr850	-
Netgear	Rbr860 Firmware	< 7.2.8.5
Netgear	Rbr860	-
Netgear	Rbs750 Firmware	< 7.2.8.5
Netgear	Rbs750	-
Netgear	Rbs840 Firmware	< 7.2.8.5
Netgear	Rbs840	-
Netgear	Rbs850 Firmware	< 7.2.8.5
Netgear	Rbs850	-
Netgear	Rbs860 Firmware	< 7.2.8.5
Netgear	Rbs860	-
Netgear	Rbre950 Firmware	< 7.2.8.5
Netgear	Rbre950	-
Netgear	Rbre960 Firmware	< 7.2.8.5
Netgear	Rbre960	-

Related Weaknesses (CWE)

CWE-20

References

https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-AdvisoryPatchVendor Advisory
https://www.netgear.com/support/product/rbr750PatchProduct
https://www.netgear.com/support/product/rbr840PatchProduct
https://www.netgear.com/support/product/rbr850PatchProduct
https://www.netgear.com/support/product/rbr860PatchProduct
https://www.netgear.com/support/product/rbre950PatchProduct
https://www.netgear.com/support/product/rbre960PatchProduct
https://www.netgear.com/support/product/rbs750PatchProduct
https://www.netgear.com/support/product/rbs840PatchProduct
https://www.netgear.com/support/product/rbs850PatchProduct
https://www.netgear.com/support/product/rbs860PatchProduct
https://www.netgear.com/support/product/rbse950PatchProduct
https://www.netgear.com/support/product/rbse960PatchProduct

FAQ

What is CVE-2026-0404?

CVE-2026-0404 is a vulnerability with a CVSS score of 8.0 (HIGH). An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on t...

How severe is CVE-2026-0404?

CVE-2026-0404 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-0404?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Rbr750 Firmware, Netgear Rbr750, Netgear Rbr840 Firmware, Netgear Rbr840, Netgear Rbr850 Firmware.