{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0408", "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "state": "PUBLISHED", "assignerShortName": "NETGEAR", "dateReserved": "2025-12-03T04:16:14.964Z", "datePublished": "2026-01-13T16:01:11.201Z", "dateUpdated": "2026-02-26T15:04:43.819Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EX5000", "vendor": "NETGEAR", "versions": [{"lessThan": "v1.0.1.82", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EX3110", "vendor": "NETGEAR", "versions": [{"lessThan": "v1.0.1.82", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EX6110", "vendor": "NETGEAR", "versions": [{"lessThan": "v1.0.1.82", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "EX2800", "vendor": "NETGEAR", "versions": [{"lessThan": "v1.0.1.82", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex5000:*:*:*:*:*:*:*:*", "versionEndExcluding": "v1.0.1.82", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex3110:*:*:*:*:*:*:*:*", "versionEndExcluding": "v1.0.1.82", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6110:*:*:*:*:*:*:*:*", "versionEndExcluding": "v1.0.1.82", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex2800:*:*:*:*:*:*:*:*", "versionEndExcluding": "v1.0.1.82", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "chiphazard"}], "datePublic": "2026-01-13T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router's IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI.&nbsp;</p>"}], "value": "A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router's IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 6.1, "baseSeverity": "MEDIUM", "exploitMaturity": "UNREPORTED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "shortName": "NETGEAR", "dateUpdated": "2026-01-13T16:22:13.288Z"}, "references": [{"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/ex5000"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/ex3110"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/ex6110"}, {"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/ex2800"}, {"tags": ["vendor-advisory"], "url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Manually check the firmware version and update it to the latest.</p><p></p>\n\n<p>Fixed in:</p><p><span>EX2800&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex2800\">firmware V1.0.1.82 or later</a><br><span>EX3110&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex3110\">firmware V1.0.1.82 or later</a><br><span>EX5000 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex5000\">firmware V1.0.1.82 or later</a><br><span>EX6110&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex6110\">firmware V1.0.1.82 or later</a></p>"}], "value": "Manually check the firmware version and update it to the latest.\n\n\n\n\n\nFixed in:\n\nEX2800\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex2800 \nEX3110\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex3110 \nEX5000 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex5000 \nEX6110\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex6110"}], "source": {"discovery": "EXTERNAL"}, "title": "Path traversal vulnerability in Netgear WiFi Range Extenders", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0408", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:57:23.537468Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:43.819Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0408", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-13T16:37:32.972674Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T16:38:39.113Z"}}], "cna": {"title": "Path traversal vulnerability in Netgear WiFi Range Extenders", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "chiphazard"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.1, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NETGEAR", "product": "EX5000", "versions": [{"status": "affected", "version": "0", "lessThan": "v1.0.1.82", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "EX3110", "versions": [{"status": "affected", "version": "0", "lessThan": "v1.0.1.82", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "EX6110", "versions": [{"status": "affected", "version": "0", "lessThan": "v1.0.1.82", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"vendor": "NETGEAR", "product": "EX2800", "versions": [{"status": "affected", "version": "0", "lessThan": "v1.0.1.82", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Manually check the firmware version and update it to the latest.\n\n\n\n\n\nFixed in:\n\nEX2800\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex2800 \nEX3110\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex3110 \nEX5000 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex5000 \nEX6110\u00a0 firmware V1.0.1.82 or later https://www.netgear.com/support/product/ex6110", "supportingMedia": [{"type": "text/html", "value": "<p>Manually check the firmware version and update it to the latest.</p><p></p>\n\n<p>Fixed in:</p><p><span>EX2800&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex2800\">firmware V1.0.1.82 or later</a><br><span>EX3110&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex3110\">firmware V1.0.1.82 or later</a><br><span>EX5000 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex5000\">firmware V1.0.1.82 or later</a><br><span>EX6110&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.netgear.com/support/product/ex6110\">firmware V1.0.1.82 or later</a></p>", "base64": false}]}], "datePublic": "2026-01-13T16:00:00.000Z", "references": [{"url": "https://www.netgear.com/support/product/ex5000", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/ex3110", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/ex6110", "tags": ["product", "patch"]}, {"url": "https://www.netgear.com/support/product/ex2800", "tags": ["product", "patch"]}, {"url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router's IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI.", "supportingMedia": [{"type": "text/html", "value": "<p>A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router's IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI.&nbsp;</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex5000:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v1.0.1.82", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex3110:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v1.0.1.82", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6110:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v1.0.1.82", "versionStartIncluding": "0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex2800:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "v1.0.1.82", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "shortName": "NETGEAR", "dateUpdated": "2026-01-13T16:22:13.288Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0408", "state": "PUBLISHED", "dateUpdated": "2026-01-14T04:57:22.802Z", "dateReserved": "2025-12-03T04:16:14.964Z", "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "datePublished": "2026-01-13T16:01:11.201Z", "assignerShortName": "NETGEAR"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex2800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "55DC6A0A-B406-4813-ADA4-05F62A50AA3B", "versionEndExcluding": "1.0.1.82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex2800:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE27681D-2B5D-4816-84CD-ACDBAF1A12CD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex3110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAF86049-4F34-4615-B8D5-9B06023F1AE9", "versionEndExcluding": "1.0.1.82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex3110:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C254694-4C37-4C5E-BF1C-06EC09BDCA1B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex5000_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D7590BA-50CD-414F-8ED2-458F6227F3CB", "versionEndExcluding": "1.0.1.82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F300D51-FEF5-4D49-851C-5B56F6A5087A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:ex6110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6185EE4D-DFB0-4460-8E90-9DF2F1093004", "versionEndExcluding": "1.0.1.82", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:ex6110:-:*:*:*:*:*:*:*", "matchCriteriaId": "04329A16-D96D-4E1D-8AC9-EA3882F1DC41", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router's IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI."}], "id": "CVE-2026-0408", "lastModified": "2026-02-20T19:41:22.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}, "published": "2026-01-13T16:16:11.017", "references": [{"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "tags": ["Vendor Advisory", "Patch"], "url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "tags": ["Product", "Patch"], "url": "https://www.netgear.com/support/product/ex2800"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "tags": ["Product", "Patch"], "url": "https://www.netgear.com/support/product/ex3110"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "tags": ["Product", "Patch"], "url": "https://www.netgear.com/support/product/ex5000"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "tags": ["Product", "Patch"], "url": "https://www.netgear.com/support/product/ex6110"}], "sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T06:44:53.761111+00:00", "value": {"mitigation_remediation": ["Upgrade all affected Netgear range extenders to firmware V1.0.1.82 or later.", "After updating, configure local user accounts with strong, unique passwords and remove any default or unused accounts.", "Restrict LAN access to the device\u2019s management interface to trusted administrators only, if the device settings allow such restriction."], "summary": {"action": "Patch Immediately", "impact": "Information Disclosure via Path Traversal"}, "threat_synthesis": {"affected_systems": "Vendors NETGEAR, products EX2800, EX3110, EX5000, and EX6110. Firmware versions prior to V1.0.1.82 are affected. Security advisories from Netgear identify the specific firmware releases that address the issue.", "description_and_impact": "Path traversal allows a LAN\u2011authenticated user to read the router\u2019s webproc file, which contains plaintext usernames and passwords. This can expose account credentials that grant access to the management interface, enabling an attacker to maintain or elevate their foothold. The weakness is categorized as CWE\u2011287 (Improper Authentication).", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity. EPSS is less than 1%, implying a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires LAN access and valid authentication. Networks that expose the range extender\u2019s local IP to untrusted devices or fail to secure the GUI pose a higher risk. Attacker benefits include credential theft and potential lateral movement within the LAN."}}}}, "created": "2026-04-18T06:45:23.970428+00:00", "updated": "2026-04-18T06:45:23.970445+00:00", "vendors": []}