CVE-2026-0404
Insufficient input validation in NETGEAR Orbi routers
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.8EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
13 ene 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An insufficient input validation vulnerability in NETGEAR Orbi devices'
DHCPv6 functionality allows network adjacent attackers authenticated
over WiFi or on LAN to execute OS command injections on the router.
DHCPv6 is not enabled by default.
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
Productos afectados
NETGEAR · RBR750NETGEAR · RBR840NETGEAR · RBR850NETGEAR · RBR860NETGEAR · RBRE950NETGEAR · RBRE960NETGEAR · RBS750NETGEAR · RBS840NETGEAR · RBS850NETGEAR · RBS860NETGEAR · RBSE950NETGEAR · RBSE960¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisoryhttps://www.netgear.com/support/product/rbr750https://www.netgear.com/support/product/rbr840https://www.netgear.com/support/product/rbr850https://www.netgear.com/support/product/rbr860https://www.netgear.com/support/product/rbre950https://www.netgear.com/support/product/rbre960https://www.netgear.com/support/product/rbs750https://www.netgear.com/support/product/rbs840https://www.netgear.com/support/product/rbs850https://www.netgear.com/support/product/rbs860https://www.netgear.com/support/product/rbse950