CVE-2026-0408
MEDIUM EPSS 13.5%
Published Jan 13, 20265mo ago · Modified Jun 17, 20261w ago
6.1 CVSS 4.0
Published Jan 13, 2026 5mo ago
Last Modified Jun 17, 2026 1w ago
Description
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber Attack Vector Adjacent
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
13.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-287 Improper Authentication Authentication
Affected Products 8
References 5
- kb.netgear.com https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
- netgear.com https://www.netgear.com/support/product/ex2800
- netgear.com https://www.netgear.com/support/product/ex3110
- netgear.com https://www.netgear.com/support/product/ex5000
- netgear.com https://www.netgear.com/support/product/ex6110
Remediation
- kb.netgear.com https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
- netgear.com https://www.netgear.com/support/product/ex2800
- netgear.com https://www.netgear.com/support/product/ex3110
- netgear.com https://www.netgear.com/support/product/ex5000
- netgear.com https://www.netgear.com/support/product/ex6110