CVE-2026-0408
Unknown Unknown - Not Provided
Path Traversal in NETGEAR Extenders Exposes Router Credentials

Publication date: 2026-01-13

Last updated on: 2026-02-20

Assigner: Netgear, Inc.

Description
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-02-20
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0408
EUVD
EUVD-2026-2218
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
netgear ex2800_firmware to 1.0.1.82 (exc)
netgear ex3110_firmware to 1.0.1.82 (exc)
netgear ex5000_firmware to 1.0.1.82 (exc)
netgear ex6110_firmware to 1.0.1.82 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a path traversal flaw in NETGEAR WiFi range extenders that allows an attacker with LAN authentication to access the router's IP and view the contents of a dynamically generated webproc file. This file contains sensitive information such as usernames and passwords submitted to the router's GUI.

Impact Analysis

An attacker who exploits this vulnerability can gain access to sensitive credentials (usernames and passwords) used to manage the router. This could lead to unauthorized access to the router's administrative interface, potentially allowing further malicious actions on the network.

Mitigation Strategies

To mitigate this vulnerability, ensure that your NETGEAR WiFi range extender devices have the latest firmware updates installed. If your devices do not have automatic updates enabled, manually verify and update the firmware to the latest version provided by NETGEAR to prevent exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0408. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart