CVE-2026-0404
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
| Software | From | Fixed in |
|---|---|---|
| netgear / rbr750_firmware | - | 7.2.8.5 |
| netgear / rbr840_firmware | - | 7.2.8.5 |
| netgear / rbr850_firmware | - | 7.2.8.5 |
| netgear / rbr860_firmware | - | 7.2.8.5 |
| netgear / rbs750_firmware | - | 7.2.8.5 |
| netgear / rbs840_firmware | - | 7.2.8.5 |
| netgear / rbs850_firmware | - | 7.2.8.5 |
| netgear / rbs860_firmware | - | 7.2.8.5 |
| netgear / rbre950_firmware | - | 7.2.8.5 |
| netgear / rbre960_firmware | - | 7.2.8.5 |
| netgear / rbse950_firmware | - | 7.2.8.5 |
| netgear / rbse960_firmware | - | 7.2.8.5 |
- https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
- https://www.netgear.com/support/product/rbr750
- https://www.netgear.com/support/product/rbr840
- https://www.netgear.com/support/product/rbr850
- https://www.netgear.com/support/product/rbr860
- https://www.netgear.com/support/product/rbre950
- https://www.netgear.com/support/product/rbre960
- https://www.netgear.com/support/product/rbs750
- https://www.netgear.com/support/product/rbs840
- https://www.netgear.com/support/product/rbs850
- https://www.netgear.com/support/product/rbs860
- https://www.netgear.com/support/product/rbse950
- https://www.netgear.com/support/product/rbse960
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime