CVE-2026-0404

8.0 HIGH

📋 TL;DR

An insufficient input validation vulnerability in NETGEAR Orbi routers' DHCPv6 functionality allows authenticated attackers on the same network (WiFi or LAN) to execute arbitrary OS commands on the router. This affects NETGEAR Orbi RBR750, RBR840, RBR850, and RBR860 models. DHCPv6 is disabled by default, reducing the attack surface.

💻 Affected Systems

Products:
  • NETGEAR Orbi RBR750
  • NETGEAR Orbi RBR840
  • NETGEAR Orbi RBR850
  • NETGEAR Orbi RBR860
Versions: All versions prior to firmware patch
Operating Systems: Orbi firmware
Default Config Vulnerable: ✅ No
Notes: DHCPv6 must be enabled for the vulnerability to be exploitable. DHCPv6 is disabled by default on affected devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise allowing attacker to intercept all network traffic, install persistent backdoors, pivot to other devices, or brick the router.

🟠 Likely Case

Router compromise leading to network traffic interception, DNS hijacking, or credential theft from connected devices.

🟢 If Mitigated

No impact if DHCPv6 is disabled and proper network segmentation is in place.

🌐 Internet-Facing: LOW - Attack requires network adjacency and authentication, not directly exploitable from the internet.
🏢 Internal Only: HIGH - Authenticated attackers on the local network can achieve remote code execution.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the attacker to be authenticated on the network and DHCPv6 to be enabled on the router. No public exploit code available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific firmware versions

Vendor Advisory: https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory

Restart Required: Yes

Instructions:

1. Log into Orbi web interface.
2. Navigate to Advanced > Administration > Firmware Update.
3. Check for updates and install latest firmware.
4. Reboot router after update completes.

🔧 Temporary Workarounds

Disable DHCPv6

Disable DHCPv6 functionality to eliminate the attack vector

Log into Orbi web interface > Advanced > Setup > IPv6 > Set IPv6 Connection Type to 'Disabled'

Network Segmentation

Isolate IoT/guest devices from trusted network segments

Configure separate VLANs for untrusted devices
Enable guest network isolation

🧯 If You Can't Patch

  • Disable DHCPv6 immediately in router settings
  • Implement strict network access controls and monitor for suspicious DHCPv6 traffic

🔍 How to Verify

Check if Vulnerable:

Check if DHCPv6 is enabled in router settings and firmware version is unpatched

Check Version:

Log into Orbi web interface > Advanced > Administration > Firmware Update to view current version

Verify Fix Applied:

Verify that the firmware version matches the patched version in the vendor advisory, and that DHCPv6 is either still disabled or running on the updated firmware.

📡 Detection & Monitoring

Log Indicators:

  • Unusual DHCPv6 requests
  • Suspicious command execution in router logs
  • Unexpected firmware or configuration changes

Network Indicators:

  • Malformed DHCPv6 packets
  • Unexpected outbound connections from router
  • DNS or network configuration changes
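
One way to check captured DHCPv6 payloads for the malformed-packet indicator above, as an added example that is not from the advisory or from NETGEAR. It walks the RFC 8415 option TLVs and flags length overruns and option data containing shell metacharacters; the metacharacter pattern, the function names and the sample packets are assumptions, since the advisory does not say which field is affected.

```python
import re
import struct

RELAY_TYPES = {12, 13}  # RELAY-FORW / RELAY-REPL carry a 34-byte header (RFC 8415)
# Heuristic (assumption): a shell metacharacter followed by a command-like token.
SHELL_META = re.compile(rb"(?:[;|&`\n]\s*|\$\()[A-Za-z/.]{2,}")

def walk_options(buf):
    """Yield (code, data) for each option TLV; raise ValueError if malformed."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError(f"truncated option header at offset {off}")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError(f"option {code} length {length} overruns packet")
        yield code, buf[off:off + length]
        off += length

def inspect_dhcpv6(payload):
    """Return findings for one DHCPv6 UDP payload (ports 546/547)."""
    header = 34 if payload[:1] and payload[0] in RELAY_TYPES else 4
    if len(payload) < header:
        return ["malformed: shorter than DHCPv6 header"]
    findings = []
    try:
        # Nested options (e.g. inside IA_NA) are covered because the pattern
        # is searched across the whole data field of each top-level option.
        for code, data in walk_options(payload[header:]):
            hit = SHELL_META.search(data)
            if hit:
                findings.append(f"option {code}: shell metacharacters {hit.group()!r}")
    except ValueError as exc:
        findings.append(f"malformed: {exc}")
    return findings

def opt(code, data):
    """Build one option TLV for the constructed samples below."""
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample payloads (not captured traffic). Message type 1 = SOLICIT.
HDR = b"\x01\xab\xcd\xef"
DUID = opt(1, bytes.fromhex("00030001020000000001"))  # Client ID, DUID-LL
BENIGN = HDR + DUID + opt(8, b"\x00\x00")             # Elapsed Time
# Option code 15 is picked arbitrarily; the advisory names no specific field.
SUSPECT = HDR + DUID + opt(15, b"\x00\x10laptop;echo test")
TRUNCATED = HDR + struct.pack("!HH", 1, 64) + b"\x00\x03"

if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("suspect", SUSPECT), ("truncated", TRUNCATED)]:
        print(name, inspect_dhcpv6(pkt))
```

The pattern is tuned to stay quiet on binary fields such as DUIDs; expect to adjust it against your own baseline traffic before alerting on it.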

SIEM Query:

source="router_logs" AND (dhcpv6 OR command_injection OR firmware_change)
