Path traversal vulnerability in Netgear WiFi Range Extenders_CVE-2026-0408

6.1 / 10

MEDIUM

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

Description

A path traversal vulnerability in NETGEAR WiFi range extenders allows
an attacker with LAN authentication to access the router's IP and
review the contents of the dynamically generated webproc file, which
records the username and password submitted to the router GUI.

Basic Information

ID CVE-2026-0408

Source NETGEAR

Published Jan 13, 2026 at 16:01

Modified Jan 13, 2026 at 16:38

Affected Product

Vendor NETGEAR

Product EX5000

Affected Versions NETGEAR EX5000 0
NETGEAR EX3110 0
NETGEAR EX6110 0
NETGEAR EX2800 0

CWE Classification

CWE-287

References

{
    "lastseen": "",
    "description": "A path traversal vulnerability in NETGEAR WiFi range extenders allows\n an attacker with LAN authentication to access the router's IP and \nreview the contents of the dynamically generated webproc file, which \nrecords the username and password submitted to the router GUI.",
    "published": "2026-01-13T16:01:11.201Z",
    "modified": "2026-01-13T16:38:45.105Z",
    "type": "cve",
    "title": "Path traversal vulnerability in Netgear WiFi Range Extenders",
    "source": "NETGEAR",
    "references": "https://www.netgear.com/support/product/ex5000\nhttps://www.netgear.com/support/product/ex3110\nhttps://www.netgear.com/support/product/ex6110\nhttps://www.netgear.com/support/product/ex2800\nhttps://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory",
    "id": "CVE-2026-0408",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "NETGEAR EX5000 0\nNETGEAR EX3110 0\nNETGEAR EX6110 0\nNETGEAR EX2800 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EX5000",
    "version": "0",
    "vendor": "NETGEAR",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}