CVE-2026-0404
Published: 13 January 2026
Summary
CVE-2026-0404 is a high-severity Improper Input Validation (CWE-20) vulnerability in NETGEAR RBR750 firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). The CVE ranks at the 34.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
SI-10 directly mandates input validation for external interfaces like DHCPv6, preventing command injection from insufficiently validated inputs.
SI-2 requires timely flaw remediation through firmware patching, directly addressing the known input validation vulnerability in NETGEAR Orbi DHCPv6.
CM-7 enforces least functionality by disabling non-essential DHCPv6 on Orbi routers, eliminating exposure to the vulnerable feature.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability directly enables remote exploitation of the DHCPv6 service for OS command injection, which maps to remote service exploitation and Unix shell command execution on the router.
NVD Description
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
Deeper analysis [AI]
CVE-2026-0404 is an insufficient input validation vulnerability (CWE-20) in the DHCPv6 functionality of NETGEAR Orbi devices, including models RBR750, RBR840, RBR850, and RBR860. Published on January 13, 2026, this flaw enables OS command injection on the router. It carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high impact potential when exploited.
Network-adjacent attackers authenticated over WiFi or on the LAN can exploit the vulnerability by targeting the DHCPv6 feature, which is not enabled by default. Successful exploitation allows execution of arbitrary OS commands on the router, potentially leading to full compromise with high confidentiality, integrity, and availability impacts.
NETGEAR's January 2026 Security Advisory provides details on the vulnerability at https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory, with product support pages available for RBR750, RBR840, RBR850, and RBR860 at their respective URLs. Security practitioners should review these resources for recommended patches and mitigation guidance.
Details
- CWE(s)