Cyber Resilience

CVE-2026-0408

Medium

Published: 13 January 2026

Modified: 20 February 2026
KEV Added: not listed
Patch: available (see NETGEAR advisory)
CVSS Score v4: 6.1 (CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber)
EPSS Score: 0.0003 (8.3rd percentile)
Risk Priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-0408 is a medium-severity Improper Authentication (CWE-287) vulnerability in Netgear Ex2800 Firmware. Its CVSS v4 base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001). By exploit likelihood it ranks at the 8.3rd percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-0408 is a path traversal vulnerability in NETGEAR WiFi range extenders, including models EX2800, EX3110, EX5000, and EX6110. Published on 2026-01-13, the issue allows an attacker with LAN authentication to access the router's IP address and review the contents of the dynamically generated webproc file, which records usernames and passwords submitted to the router GUI. It carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-287 (Improper Authentication).

Exploitation requires an attacker to be adjacent on the network with low-privilege LAN authentication; the attack is low-complexity and needs no user interaction. On success, the attacker gains high confidentiality impact by extracting credentials submitted to the router GUI, with high integrity and availability impacts as well; scope is unchanged.

NETGEAR has published a security advisory at https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory, with product support pages for the affected models at https://www.netgear.com/support/product/ex2800, https://www.netgear.com/support/product/ex3110, https://www.netgear.com/support/product/ex5000, and https://www.netgear.com/support/product/ex6110.

Vulnerability details

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.

CWE(s)

CWE-287 Improper Authentication

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
Why these techniques?

Path traversal directly enables reading the webproc file containing submitted GUI credentials, mapping to unsecured credentials in files.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-0407 (same product: Netgear Ex2800)
CVE-2024-57046 (same vendor: Netgear)
CVE-2026-0405 (same vendor: Netgear)
CVE-2026-0404 (same vendor: Netgear)
CVE-2025-44658 (same vendor: Netgear)
CVE-2024-54809 (same vendor: Netgear)
CVE-2024-12847 (same vendor: Netgear)
CVE-2024-54804 (same vendor: Netgear)
CVE-2024-54807 (same vendor: Netgear)
CVE-2026-0406 (same vendor: Netgear)

Affected Assets

netgear ex2800 firmware, versions ≤ 1.0.1.82
netgear ex3110 firmware, versions ≤ 1.0.1.82
netgear ex5000 firmware, versions ≤ 1.0.1.82
netgear ex6110 firmware, versions ≤ 1.0.1.82

Mitigating Controls (NIST 800-53 r5, AI)

SI-10 Information Input Validation (prevent)

Directly mitigates path traversal by requiring validation of user-supplied inputs used to construct file paths in the web interface, preventing unauthorized access to the webproc credential file.

AC-3 Access Enforcement (prevent)

Enforces approved authorizations to restrict even low-privilege LAN-authenticated users from accessing sensitive dynamically generated files outside intended directories via traversal.

SI-2 Flaw Remediation (prevent)

Addresses the specific CVE by requiring timely flaw remediation through installation of NETGEAR patches from the published security advisory.
