CVE-2026-0408

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.

CVSS

No CVSS.

References

Link	Resource
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
https://www.netgear.com/support/product/ex2800
https://www.netgear.com/support/product/ex3110
https://www.netgear.com/support/product/ex5000
https://www.netgear.com/support/product/ex6110

Configurations

No configuration.

History

No history.

Information

Published : 2026-01-13 16:16

Updated : 2026-01-14 16:25

NVD link : CVE-2026-0408

Mitre link : CVE-2026-0408

CVE.ORG link : CVE-2026-0408

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

{"id": "CVE-2026-0408", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.1, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-13T16:16:11.017", "references": [{"url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/ex2800", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/ex3110", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/ex5000", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/ex6110", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}], "vulnStatus": "Undergoing Analysis", "weaknesses": [{"type": "Secondary", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router's IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI."}], "lastModified": "2026-01-14T16:25:40.430", "sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5"}

CVE-2026-0408

JSON object

Attach tags to CVE-2026-0408

Attach tags to `CVE-2026-0408`