Vulnerability Description
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Ex2800 Firmware | < 1.0.1.82 |
| Netgear | Ex2800 | - |
| Netgear | Ex3110 Firmware | < 1.0.1.82 |
| Netgear | Ex3110 | - |
| Netgear | Ex5000 Firmware | < 1.0.1.82 |
| Netgear | Ex5000 | - |
| Netgear | Ex6110 Firmware | < 1.0.1.82 |
| Netgear | Ex6110 | - |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-AdvisoryVendor AdvisoryPatch
- https://www.netgear.com/support/product/ex2800ProductPatch
- https://www.netgear.com/support/product/ex3110ProductPatch
- https://www.netgear.com/support/product/ex5000ProductPatch
- https://www.netgear.com/support/product/ex6110ProductPatch
FAQ
What is CVE-2026-0408?
CVE-2026-0408 is a vulnerability with a CVSS score of 8.0 (HIGH). A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file,...
How severe is CVE-2026-0408?
CVE-2026-0408 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-0408?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Ex2800 Firmware, Netgear Ex2800, Netgear Ex3110 Firmware, Netgear Ex3110, Netgear Ex5000 Firmware.