CVE-2026-0406
HIGHNETGEAR XR1000v2 - Command Injection
Title source: llmDescription
An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.
Scores
CVSS v3
8.0
EPSS
0.0004
EPSS Percentile
13.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-20
Status
published
Affected Products (1)
netgear/xr1000v2_firmware
< 1.1.2.34
Timeline
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026