CVE-2026-0404HIGH 8.0EPSS p60.3%

CVE-2026-0404CVE-2026-0404

Description

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.

Scoring

CVSS 3.18.0 (HIGH)
VectorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS1.06% probability of exploitation · percentile 60.3% · 2026-06-19T12:03:05Z
Published2026-01-13
Last modified2026-02-12

Underlying weaknesses· 1

CWE-20

References

  1. https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
  2. https://www.netgear.com/support/product/rbr750
  3. https://www.netgear.com/support/product/rbr840
  4. https://www.netgear.com/support/product/rbr850
  5. https://www.netgear.com/support/product/rbr860
  6. https://www.netgear.com/support/product/rbre950
  7. https://www.netgear.com/support/product/rbre960
  8. https://www.netgear.com/support/product/rbs750

1

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-200%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-0403
CVE
CVE-2026-0409
CVE
CVE-2026-0406
CVE
CVE-2026-0411
CVE
CVE-2026-0417
CVE
CVE-2026-0414
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.