CVE-2026-0406 — HIGH (8.0) — White Hats Nepal

Q: What is CVE-2026-0406?

CVE-2026-0406 is a vulnerability with a CVSS score of 8.0 (HIGH). An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

Q: How severe is CVE-2026-0406?

CVE-2026-0406 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-0406?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Xr1000V2 Firmware, Netgear Xr1000V2.

Vulnerability Description

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

CVSS Score

8.0

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Xr1000V2 Firmware	< 1.1.2.34
Netgear	Xr1000V2	-

Related Weaknesses (CWE)

CWE-20

References

https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-AdvisoryPatchVendor Advisory
https://www.netgear.com/support/product/xr1000v2PatchProduct

FAQ

What is CVE-2026-0406?

CVE-2026-0406 is a vulnerability with a CVSS score of 8.0 (HIGH). An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

How severe is CVE-2026-0406?

CVE-2026-0406 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-0406?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Xr1000V2 Firmware, Netgear Xr1000V2.