CVE-2026-0408

EUVD-2026-2218
A path traversal vulnerability in NETGEAR WiFi range extenders allows
 an attacker with LAN authentication to access the router's IP and 
review the contents of the dynamically generated webproc file, which 
records the username and password submitted to the router GUI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
netgearex2800_firmware
𝑥
< 1.0.1.82
netgearex3110_firmware
𝑥
< 1.0.1.82
netgearex5000_firmware
𝑥
< 1.0.1.82
netgearex6110_firmware
𝑥
< 1.0.1.82
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
https://www.netgear.com/support/product/ex2800
https://www.netgear.com/support/product/ex3110
https://www.netgear.com/support/product/ex5000
https://www.netgear.com/support/product/ex6110