CVE-2026-0404
Insufficient input validation in NETGEAR Orbi routers
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
| CWE | CWE-20 |
| Vendor | netgear |
| Product | rbre960 |
| Published | Jan 13, 2026 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for netgear rbre960
Be the first to know when new unknown vulnerabilities affecting netgear rbre960 are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
NETGEAR / RBRE960
0 < v7.2.8.5
NETGEAR / RBSE960
0 < v7.2.8.5
NETGEAR / RBR850
0 < v7.2.8.5
NETGEAR / RBS850
0 < v7.2.8.5
NETGEAR / RBR860
0 < v7.2.8.5
NETGEAR / RBS860
0 < v7.2.8.5
NETGEAR / RBRE950
0 < v7.2.8.5
NETGEAR / RBSE950
0 < v7.2.8.5
NETGEAR / RBR750
0 < v7.2.8.5
NETGEAR / RBS750
0 < v7.2.8.5
NETGEAR / RBR840
0 < v7.2.8.5
NETGEAR / RBS840
0 < v7.2.8.5
References
netgear.com: https://www.netgear.com/support/product/rbre960 netgear.com: https://www.netgear.com/support/product/rbse960 netgear.com: https://www.netgear.com/support/product/rbr850 netgear.com: https://www.netgear.com/support/product/rbs850 netgear.com: https://www.netgear.com/support/product/rbr860 netgear.com: https://www.netgear.com/support/product/rbs860 netgear.com: https://www.netgear.com/support/product/rbre950 netgear.com: https://www.netgear.com/support/product/rbse950 netgear.com: https://www.netgear.com/support/product/rbr750 netgear.com: https://www.netgear.com/support/product/rbs750 netgear.com: https://www.netgear.com/support/product/rbr840 netgear.com: https://www.netgear.com/support/product/rbs840 kb.netgear.com: https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
Credits
Hyunseok Yun