CVE-2026-0408

A path traversal vulnerability in NETGEAR WiFi range extenders allows
 an attacker with LAN authentication to access the router's IP and 
review the contents of the dynamically generated webproc file, which 
records the username and password submitted to the router GUI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
NETGEARCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
https://www.netgear.com/support/product/ex2800
https://www.netgear.com/support/product/ex3110
https://www.netgear.com/support/product/ex5000
https://www.netgear.com/support/product/ex6110