CVE-2026-0408 MEDIUM

CVE-2026-0408: Path traversal vulnerability in Netgear WiFi Range Extenders

Vendor Netgear
Product EX5000
Weakness CWE-287 · Improper authentication
Published January 13, 2026
Last update February 26, 2026

CVSS base score

6.1/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber

What the vulnerability does

01Description

A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.

Key dates

02Disclosure timeline

January 13, 2026 CVE published
February 26, 2026 Record updated