Details of VAR-202601-2770

ID

VAR-202601-2770

CVE

CVE-2026-0404

TITLE

of netgear RBR750 Vulnerabilities related to input validation in multiple products, such as firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003891

DESCRIPTION

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default. DHCPv6 is disabled by default.All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-0404 // JVNDB: JVNDB-2026-003891

AFFECTED PRODUCTS

vendor:	netgear	model:	rbr840	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbre960	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbr750	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbse950	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbr860	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbre950	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbs840	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbs860	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbs750	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	netgear	model:	rbse960	scope:	lt	version:	7.2.8.5	Trust: 1.0
vendor:	ネットギア	model:	rbr750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs840	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbre950	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs860	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbre960	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr840	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbse950	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr860	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbse960	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-003891 // NVD: CVE-2026-0404

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-0404
value:	HIGH
Trust: 1.0
a2826606-91e7-4eb6-899e-8484bd4575d5:	CVE-2026-0404
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2026-0404
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-0404
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-0404
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-003891 // NVD: CVE-2026-0404 // NVD: CVE-2026-0404

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-003891 // NVD: CVE-2026-0404

PATCH

title:

January 2026 NETGEAR Security Advisory - NETGEAR Support

url:

https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory

Trust: 0.8

sources: JVNDB: JVNDB-2026-003891

EXTERNAL IDS

db:	NVD	id:	CVE-2026-0404	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-003891	Trust: 0.8

sources: JVNDB: JVNDB-2026-003891 // NVD: CVE-2026-0404

REFERENCES

url:	https://www.netgear.com/support/product/rbs850	Trust: 1.8
url:	https://www.netgear.com/support/product/rbs840	Trust: 1.8
url:	https://www.netgear.com/support/product/rbr840	Trust: 1.8
url:	https://www.netgear.com/support/product/rbre950	Trust: 1.8
url:	https://www.netgear.com/support/product/rbse960	Trust: 1.8
url:	https://www.netgear.com/support/product/rbr850	Trust: 1.8
url:	https://www.netgear.com/support/product/rbse950	Trust: 1.8
url:	https://www.netgear.com/support/product/rbr860	Trust: 1.8
url:	https://www.netgear.com/support/product/rbs860	Trust: 1.8
url:	https://www.netgear.com/support/product/rbr750	Trust: 1.8
url:	https://www.netgear.com/support/product/rbre960	Trust: 1.8
url:	https://www.netgear.com/support/product/rbs750	Trust: 1.8
url:	https://kb.netgear.com/000070442/january-2026-netgear-security-advisory	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-0404	Trust: 0.8

sources: JVNDB: JVNDB-2026-003891 // NVD: CVE-2026-0404

SOURCES

db:	JVNDB	id:	JVNDB-2026-003891
db:	NVD	id:	CVE-2026-0404

LAST UPDATE DATE

2026-02-19T23:30:12.034000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-003891	date:	2026-02-17T07:26:00
db:	NVD	id:	CVE-2026-0404	date:	2026-02-12T17:36:09.760

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-003891	date:	2026-02-17T00:00:00
db:	NVD	id:	CVE-2026-0404	date:	2026-01-13T16:16:10.343