Platform
netgear
Component
netgear-orbi-router
Fixed in
v7.2.8.5
v7.2.8.5
v7.2.8.5
v7.2.8.5
v7.2.8.5
v7.2.8.5
v7.2.8.5
v7.2.8.5
v7.2.8.5
v7.2.8.5
v7.2.8.5
v7.2.8.5
CVE-2026-0404 describes an insufficient input validation vulnerability affecting NETGEAR Orbi Routers. This flaw allows authenticated network-adjacent attackers to inject OS commands, potentially leading to complete system compromise. The vulnerability impacts Orbi Router models running versions 0 through v7.2.8.5. A fix is available in version v7.2.8.5.
Successful exploitation of CVE-2026-0404 allows an attacker authenticated over WiFi or on the local area network (LAN) to execute arbitrary operating system commands on the vulnerable NETGEAR Orbi Router. This could lead to a complete takeover of the router, enabling the attacker to modify configurations, steal sensitive data (such as network credentials and user data), and potentially pivot to other devices on the network. The impact is particularly severe because routers often serve as the gateway to the internet and control access to internal network resources. While DHCPv6 is disabled by default, environments where it is enabled are at significant risk.
CVE-2026-0404 was publicly disclosed on January 13, 2026. Exploitation probability is currently unknown, but the vulnerability's nature (OS command injection) suggests a potentially high risk if a public exploit is developed. It is not currently listed on the CISA KEV catalog. The lack of a public proof-of-concept (POC) at this time does not diminish the importance of applying the patch or implementing mitigations.
Exploit Status
EPSS
0.15% (35% percentile)
CISA SSVC
The primary mitigation for CVE-2026-0404 is to upgrade NETGEAR Orbi Routers to firmware version v7.2.8.5 or later. If an immediate upgrade is not possible due to compatibility issues or testing requirements, disabling the DHCPv6 functionality on the router can significantly reduce the attack surface. This can be done through the router's web interface. Monitor network traffic for unusual activity originating from or destined to the router. Consider implementing network segmentation to limit the potential blast radius of a successful attack.
Update the firmware on your NETGEAR Orbi router to version 7.2.8.5 or later. This corrects the insufficient input validation vulnerability in the DHCPv6 functionality. You can download the latest firmware from the NETGEAR support website.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-0404 is a vulnerability in NETGEAR Orbi Routers allowing authenticated attackers to execute OS commands, potentially taking control of the device. Severity is pending evaluation.
If you use a NETGEAR Orbi Router running versions 0–v7.2.8.5, you are potentially affected. Check your router's firmware version and upgrade if necessary.
Upgrade your NETGEAR Orbi Router to firmware version v7.2.8.5 or later. Alternatively, disable DHCPv6 if it's not required.
There are currently no confirmed reports of active exploitation, but the vulnerability's nature suggests a potential risk if a public exploit is developed.
Refer to the official NETGEAR security advisory for CVE-2026-0404 on the NETGEAR support website.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.