CVE-2026-0404 Insufficient input validation in NETGEAR Orbi routers

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default...

CVE-2026-0404

CVE-2026-0404 affects NETGEAR Orbi devices. The issue is insufficient input validation in the DHCPv6 functionality, enabling network-adjacent attackers on WiFi or LAN to trigger OS command injections. DHCPv6 is not enabled by default. Impact per sources: confidentiality/integrity/availability exp...

CVE-2026-0408 Path traversal vulnerability in Netgear WiFi Range Extenders

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI...

CVE-2026-0408 Path traversal vulnerability in Netgear WiFi Range Extenders

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI...

CVE-2026-0408

NETGEAR WiFi range extenders are affected by CVE-2026-0408 due to a path traversal vulnerability that allows an attacker with LAN authentication to access the router’s IP and read the dynamically generated webproc file, which contains the username and password submitted to the router GUI. Affecte...

CVE-2026-0407 Authentication bypass in NETGEAR WiFi Range Extenders via network adjacent attacks

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel...

CVE-2026-0407 Authentication bypass in NETGEAR WiFi Range Extenders via network adjacent attacks

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel...

CVE-2026-0407

CVE-2026-0407 describes an insufficient authentication vulnerability in NETGEAR WiFi range extenders. An adjacent attacker with WiFi authentication or a connected Ethernet port can bypass authentication and access the admin panel. Documented by multiple sources (NVD, Red Hat, CNNVD, CIRCL, EUVD, ...

CVE-2026-0406 Insufficient input validation in NETGEAR Nighthawk router XR1000v2

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections...

CVE-2026-0406

The CVE refers to CVE-2026-0406 affecting NETGEAR XR1000v2, where insufficient input validation allows attackers on the LAN to perform OS command injections. Affected component is the device firmware’s handling of inputs that leads to command execution; root cause is input validation weakness. Do...

CVE-2026-0406 Insufficient input validation in NETGEAR Nighthawk router XR1000v2

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections...

CVE-2026-0405 Authentication Bypass in NETGEAR Orbi Devices

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin...

CVE-2026-0405

CVE-2026-0405 affects NETGEAR Orbi devices: an authentication bypass allows users on the local network to access the router web interface with admin privileges. Exploitation requires local network access (attack vector: adjacent, low complexity, no user interaction). Impact per metrics is HIGH fo...

CVE-2026-0405 Authentication Bypass in NETGEAR Orbi Devices

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin...

CVE-2026-0403 Insufficient input validation in NETGEAR Orbi routers

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections...

CVE-2026-0403 Insufficient input validation in NETGEAR Orbi routers

An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections...

CVE-2026-0403

CVE-2026-0403 involves an insufficient input validation vulnerability in NETGEAR Orbi routers that allows attackers on the LAN to execute OS command injections. Affected product family: NETGEAR Orbi routers (multiple models referenced in advisories). Root cause: inadequate input validation. Impac...

NETGEAR Orbi 安全漏洞

NETGEAR Orbi is a distributed WiFi system from NETGEAR. A security vulnerability exists in the NETGEAR Orbi that stems from insufficient input validation of the DHCPv6 feature, which could lead to OS command injection...

PT-2026-2628

Name of the Vulnerable Software and Affected Versions NETGEAR Orbi affected versions not specified Description A flaw exists that allows users on the local network to gain administrative access to the router web interface without proper authentication. This bypass enables unauthorized access to...

NETGEAR Orbi 安全漏洞

NETGEAR Orbi is a distributed WiFi system from NETGEAR. A security vulnerability exists in NETGEAR Orbi that stems from insufficient input validation and could lead to OS command injection...