CVE-2026-0404
HIGHNetgear Rbr750 Firmware < 7.2.8.5 - Improper Input Validation
Title source: ruleDescription
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
References (13)
Scores
CVSS v3
8.0
EPSS
0.0013
EPSS Percentile
32.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-20
Status
published
Affected Products (12)
netgear/rbr750_firmware
< 7.2.8.5
netgear/rbr840_firmware
< 7.2.8.5
netgear/rbr850_firmware
< 7.2.8.5
netgear/rbr860_firmware
< 7.2.8.5
netgear/rbs750_firmware
< 7.2.8.5
netgear/rbs840_firmware
< 7.2.8.5
netgear/rbs850_firmware
< 7.2.8.5
netgear/rbs860_firmware
< 7.2.8.5
netgear/rbre950_firmware
< 7.2.8.5
netgear/rbre960_firmware
< 7.2.8.5
netgear/rbse950_firmware
< 7.2.8.5
netgear/rbse960_firmware
< 7.2.8.5
Timeline
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026