CVE-2026-0408
published 2026-01-13CVE-2026-0408: A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of…
medium6.1CVSS 4.0
AVAACLATNPRLUINVCHVIHVAHSCNSINSANEUCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUNRUVDREMUAmber
A path traversal vulnerability in NETGEAR WiFi range extenders allows
an attacker with LAN authentication to access the router's IP and
review the contents of the dynamically generated webproc file, which
records the username and password submitted to the router GUI.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | ex2800 | < v1.0.1.82 | v1.0.1.82 |
| netgear | ex2800_firmware | < 1.0.1.82 | 1.0.1.82 |
| netgear | ex3110 | < v1.0.1.82 | v1.0.1.82 |
| netgear | ex3110_firmware | < 1.0.1.82 | 1.0.1.82 |
| netgear | ex5000 | < v1.0.1.82 | v1.0.1.82 |
| netgear | ex5000_firmware | < 1.0.1.82 | 1.0.1.82 |
| netgear | ex6110 | < v1.0.1.82 | v1.0.1.82 |
| netgear | ex6110_firmware | < 1.0.1.82 | 1.0.1.82 |