CVE-2026-0408
Unknown Unknown - Not Provided

Path Traversal in NETGEAR Extenders Exposes Router Credentials

Vulnerability report for CVE-2026-0408, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-13

Last updated on: 2026-02-20

Assigner: Netgear, Inc.

Description

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-13
Last Modified
2026-02-20
Generated
2026-07-06
AI Q&A
2026-01-14
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
netgear ex2800_firmware to 1.0.1.82 (exc)
netgear ex3110_firmware to 1.0.1.82 (exc)
netgear ex5000_firmware to 1.0.1.82 (exc)
netgear ex6110_firmware to 1.0.1.82 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a path traversal flaw in NETGEAR WiFi range extenders that allows an attacker with LAN authentication to access the router's IP and view the contents of a dynamically generated webproc file. This file contains sensitive information such as usernames and passwords submitted to the router's GUI.

Impact Analysis

An attacker who exploits this vulnerability can gain access to sensitive credentials (usernames and passwords) used to manage the router. This could lead to unauthorized access to the router's administrative interface, potentially allowing further malicious actions on the network.

Mitigation Strategies

To mitigate this vulnerability, ensure that your NETGEAR WiFi range extender devices have the latest firmware updates installed. If your devices do not have automatic updates enabled, manually verify and update the firmware to the latest version provided by NETGEAR to prevent exploitation. [2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0408. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart