Platform: netgear
Component: netgear-orbi-router
Fixed in: v7.2.8.5
CVE-2026-0404 describes an insufficient input validation vulnerability affecting NETGEAR Orbi Routers. This flaw allows authenticated network-adjacent attackers to inject OS commands, potentially leading to complete system compromise. The vulnerability impacts Orbi Router models running versions 0 through v7.2.8.5. A fix is available in version v7.2.8.5.
Successful exploitation of CVE-2026-0404 allows an attacker authenticated over WiFi or on the local area network (LAN) to execute arbitrary operating system commands on the vulnerable NETGEAR Orbi Router. This could lead to a complete takeover of the router, enabling the attacker to modify configurations, steal sensitive data (such as network credentials and user data), and potentially pivot to other devices on the network. The impact is particularly severe because routers often serve as the gateway to the internet and control access to internal network resources. While DHCPv6 is disabled by default, environments where it is enabled are at significant risk.
CVE-2026-0404 was publicly disclosed on January 13, 2026. Exploitation probability is currently unknown, but the vulnerability's nature (OS command injection) suggests a potentially high risk if a public exploit is developed. It is not currently listed on the CISA KEV catalog. The lack of a public proof-of-concept (POC) at this time does not diminish the importance of applying the patch or implementing mitigations.
Home and small business users who rely on NETGEAR Orbi Routers are at risk, particularly those who have enabled DHCPv6. Shared hosting environments utilizing Orbi routers for network management are also vulnerable. Legacy configurations with outdated firmware are especially susceptible.
• netgear: Examine router logs for unusual DHCPv6 client requests or error messages.
• linux / server: Run journalctl -u dhcpv6 -f to monitor DHCPv6 daemon logs for suspicious activity.
• generic web: Use curl -v to test DHCPv6 endpoint responses for unexpected behavior or error codes.
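The log review suggested in the list above can be partly automated. The following is an added example, not code from NETGEAR or from this advisory: it flags DHCPv6 daemon log lines whose client-supplied fields contain shell metacharacters. The syslog layout, the key=value field names and the daemon names are assumptions, and the advisory does not state which DHCPv6 field is affected.

```python
import re

# Shell metacharacters that should never appear in a hostname, FQDN,
# vendor class or other client-supplied DHCPv6 string.
SHELL_META = re.compile(r"""[;&|`$(){}<>\\'"\n]""")
# Assumed log layout: classic syslog prefix, then key=value / key="value".
SYSLOG_TAG = re.compile(r"^\S+\s+\d+\s+[\d:]+\s+\S+\s+([^\s\[:]+)(?:\[\d+\])?:")
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Assumed daemon names; adjust to whatever the device actually logs as.
DHCPV6_PROGRAMS = ("dhcp6", "dhcpv6")


def suspicious_fields(line):
    """Return (field, value) pairs whose value contains a shell metacharacter."""
    hits = []
    for key, raw in PAIR.findall(line):
        quoted = len(raw) >= 2 and raw[0] == raw[-1] == '"'
        value = raw[1:-1] if quoted else raw
        if SHELL_META.search(value):
            hits.append((key, value))
    return hits


def scan(lines):
    """Return (line_number, field, value) for DHCPv6 daemon lines worth review."""
    findings = []
    for number, line in enumerate(lines, 1):
        tag = SYSLOG_TAG.match(line)
        if not tag or not any(p in tag.group(1).lower() for p in DHCPV6_PROGRAMS):
            continue  # not a DHCPv6 daemon line
        findings.extend((number, k, v) for k, v in suspicious_fields(line))
    return findings


# Constructed sample lines (not real Orbi log output).
SAMPLE_LOG = [
    'Jan 14 10:02:11 orbi dhcp6s[812]: solicit duid=00:01:00:01:2b:aa:10:01 fqdn="laptop.lan"',
    'Jan 14 10:02:15 orbi dhcp6s[812]: request duid=00:01:00:01:2b:aa:10:02 fqdn="printer;x"',
    'Jan 14 10:03:40 orbi dnsmasq[400]: query name="a;b"',
    'Jan 14 10:04:02 orbi dhcpv6[812]: renew duid=00:01:00:01:2b:aa:10:03 vendor="acme$(x)"',
]

if __name__ == "__main__":
    for number, field, value in scan(SAMPLE_LOG):
        print(f"line {number}: {field}={value!r} contains shell metacharacters")
```

A hit is a prompt for manual review, not proof of exploitation; legitimate clients rarely send such characters in these fields, so the false-positive rate should be low.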
EPSS: 0.15% (35th percentile)
The primary mitigation for CVE-2026-0404 is to upgrade NETGEAR Orbi Routers to firmware version v7.2.8.5 or later. If an immediate upgrade is not possible due to compatibility issues or testing requirements, disabling the DHCPv6 functionality on the router can significantly reduce the attack surface. This can be done through the router's web interface. Monitor network traffic for unusual activity originating from or destined to the router. Consider implementing network segmentation to limit the potential blast radius of a successful attack.
Update your NETGEAR Orbi router firmware to version 7.2.8.5 or later. This fixes the insufficient input validation vulnerability in the DHCPv6 functionality. You can download the latest firmware version from the NETGEAR support website.
CVE-2026-0404 is a vulnerability in NETGEAR Orbi Routers allowing authenticated attackers to execute OS commands, potentially taking control of the device. Severity is pending evaluation.
If you use a NETGEAR Orbi Router running versions 0–v7.2.8.5, you are potentially affected. Check your router's firmware version and upgrade if necessary.
Upgrade your NETGEAR Orbi Router to firmware version v7.2.8.5 or later. Alternatively, disable DHCPv6 if it's not required.
There are currently no confirmed reports of active exploitation, but the vulnerability's nature suggests a potential risk if a public exploit is developed.
Refer to the official NETGEAR security advisory for CVE-2026-0404 on the NETGEAR support website.