ГлавнаяУязвимости → CVE-2026-0404
8высокая

CVE-2026-0404

Описание

An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.

Затрагиваемое ПО
Netgear Rbr750 firmwareNetgear Rbr750Netgear Rbr840 firmwareNetgear Rbr840Netgear Rbr850 firmwareNetgear Rbr850Netgear Rbr860 firmwareNetgear Rbr860Netgear Rbs750 firmwareNetgear Rbs750Netgear Rbs840 firmwareNetgear Rbs840Netgear Rbs850 firmwareNetgear Rbs850Netgear Rbs860 firmwareNetgear Rbs860Netgear Rbre950 firmwareNetgear Rbre950Netgear Rbre960 firmwareNetgear Rbre960Netgear Rbse950 firmwareNetgear Rbse950Netgear Rbse960 firmwareNetgear Rbse960
CVSS
Балл8 — высокая
ВекторCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisoryhttps://www.netgear.com/support/product/rbr750https://www.netgear.com/support/product/rbr840https://www.netgear.com/support/product/rbr850https://www.netgear.com/support/product/rbr860https://www.netgear.com/support/product/rbre950https://www.netgear.com/support/product/rbre960https://www.netgear.com/support/product/rbs750