CVE-2026-0406 - Vulnerability Details - OpenCVE

An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Netgear	Xr1000v2

No data.

No data.

References

Link	Providers
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
https://www.netgear.com/support/product/xr1000v2

History

Tue, 13 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Jan 2026 16:30:00 +0000

Type	Values Removed	Values Added
References		https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory

Tue, 13 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.
Title		Insufficient input validation in NETGEAR Nighthawk router XR1000v2
First Time appeared		Netgear Netgear xr1000v2
Weaknesses		CWE-20
CPEs		cpe:2.3:h:netgear:xr1000v2::::::::
Vendors & Products		Netgear Netgear xr1000v2
References		https://www.netgear.com/support/product/xr1000v2
Metrics		cvssV4_0 `{'score': 6.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:D/RE:M/U:Amber'}`

MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published: 2026-01-13T16:00:59.458Z

Updated: 2026-01-13T18:49:23.178Z

Reserved: 2025-12-03T04:16:12.706Z

Link: CVE-2026-0406

Vulnrichment

Updated: 2026-01-13T18:49:12.661Z

NVD

Status : Received

Published: 2026-01-13T16:16:10.690

Modified: 2026-01-13T17:15:59.900

Link: CVE-2026-0406

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0406", "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "state": "PUBLISHED", "assignerShortName": "NETGEAR", "dateReserved": "2025-12-03T04:16:12.706Z", "datePublished": "2026-01-13T16:00:59.458Z", "dateUpdated": "2026-01-13T18:49:23.178Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "XR1000v2", "vendor": "NETGEAR", "versions": [{"lessThanOrEqual": "1.1.0.22", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:xr1000v2:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.1.0.22", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "o4ncL1"}], "datePublic": "2026-01-13T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An insufficient input validation vulnerability in the NETGEAR XR1000v2 \nallows attackers connected to the router's LAN to execute OS command \ninjections. </p>"}], "value": "An insufficient input validation vulnerability in the NETGEAR XR1000v2 \nallows attackers connected to the router's LAN\u00a0to execute OS command \ninjections."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 6.1, "baseSeverity": "MEDIUM", "exploitMaturity": "UNREPORTED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "shortName": "NETGEAR", "dateUpdated": "2026-01-13T16:21:33.600Z"}, "references": [{"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/xr1000v2"}, {"tags": ["vendor-advisory"], "url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Devices with automatic updates enabled may already have this\npatch applied. If not, please check the firmware version and update it to the\nlatest.</p><p>Fixed in:</p><div>XR1000v2 <a href=\"https://www.netgear.com/support/product/xr1000v2\">Firmware v<strong>1.1.2.34</strong> or later</a></div>"}], "value": "Devices with automatic updates enabled may already have this\npatch applied. If not, please check the firmware version and update it to the\nlatest.\n\nFixed in:\n\nXR1000v2 Firmware v1.1.2.34\u00a0or later https://www.netgear.com/support/product/xr1000v2"}], "source": {"discovery": "EXTERNAL"}, "title": "Insufficient input validation in NETGEAR Nighthawk router XR1000v2", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T18:49:08.387722Z", "id": "CVE-2026-0406", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T18:49:23.178Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0406", "assignerOrgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "state": "PUBLISHED", "assignerShortName": "NETGEAR", "dateReserved": "2025-12-03T04:16:12.706Z", "datePublished": "2026-01-13T16:00:59.458Z", "dateUpdated": "2026-01-13T18:49:23.178Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "XR1000v2", "vendor": "NETGEAR", "versions": [{"lessThanOrEqual": "1.1.0.22", "status": "affected", "version": "0", "versionType": "custom"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:xr1000v2:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.1.0.22", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "o4ncL1"}], "datePublic": "2026-01-13T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An insufficient input validation vulnerability in the NETGEAR XR1000v2 \nallows attackers connected to the router's LAN to execute OS command \ninjections. </p>"}], "value": "An insufficient input validation vulnerability in the NETGEAR XR1000v2 \nallows attackers connected to the router's LAN\u00a0to execute OS command \ninjections."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 6.1, "baseSeverity": "MEDIUM", "exploitMaturity": "UNREPORTED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a2826606-91e7-4eb6-899e-8484bd4575d5", "shortName": "NETGEAR", "dateUpdated": "2026-01-13T16:21:33.600Z"}, "references": [{"tags": ["product", "patch"], "url": "https://www.netgear.com/support/product/xr1000v2"}, {"tags": ["vendor-advisory"], "url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Devices with automatic updates enabled may already have this\npatch applied. If not, please check the firmware version and update it to the\nlatest.</p><p>Fixed in:</p><div>XR1000v2 <a href=\"https://www.netgear.com/support/product/xr1000v2\">Firmware v<strong>1.1.2.34</strong> or later</a></div>"}], "value": "Devices with automatic updates enabled may already have this\npatch applied. If not, please check the firmware version and update it to the\nlatest.\n\nFixed in:\n\nXR1000v2 Firmware v1.1.2.34\u00a0or later https://www.netgear.com/support/product/xr1000v2"}], "source": {"discovery": "EXTERNAL"}, "title": "Insufficient input validation in NETGEAR Nighthawk router XR1000v2", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0406", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-13T18:49:08.387722Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T18:49:12.661Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An insufficient input validation vulnerability in the NETGEAR XR1000v2 \nallows attackers connected to the router's LAN\u00a0to execute OS command \ninjections."}], "id": "CVE-2026-0406", "lastModified": "2026-01-13T17:15:59.900", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "AMBER", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}, "published": "2026-01-13T16:16:10.690", "references": [{"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory"}, {"source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "url": "https://www.netgear.com/support/product/xr1000v2"}], "sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "type": "Secondary"}]}