CVE-2026-0408
Published: 13 January 2026
Summary
CVE-2026-0408 is a high-severity Improper Authentication (CWE-287) vulnerability in Netgear Ex2800 Firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials In Files (T1552.001); ranked at the 19.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates path traversal by requiring validation of user-supplied inputs used to construct file paths in the web interface, preventing unauthorized access to the webproc credential file.
Enforces approved authorizations to restrict even low-privilege LAN-authenticated users from accessing sensitive dynamically generated files outside intended directories via traversal.
Addresses the specific CVE by requiring timely flaw remediation through installation of NETGEAR patches from the published security advisory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal directly enables reading the webproc file containing submitted GUI credentials, mapping to unsecured credentials in files.
NVD Description
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router…
more
GUI.
Deeper analysisAI
CVE-2026-0408 is a path traversal vulnerability in NETGEAR WiFi range extenders, including models EX2800, EX3110, EX5000, and EX6110. Published on 2026-01-13, the issue allows an attacker with LAN authentication to access the router's IP address and review the contents of the dynamically generated webproc file, which records usernames and passwords submitted to the router GUI. It carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-287 (Improper Authentication).
Exploitation requires an attacker to be adjacent on the network with low-privilege LAN authentication, enabling low-complexity access without user interaction. Upon success, the attacker can achieve high confidentiality impact by extracting submitted router GUI credentials, alongside high integrity and availability impacts within the unchanged scope.
NETGEAR has published a security advisory at https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory, with product support pages for the affected models at https://www.netgear.com/support/product/ex2800, https://www.netgear.com/support/product/ex3110, https://www.netgear.com/support/product/ex5000, and https://www.netgear.com/support/product/ex6110.
Details
- CWE(s)