CVE-2026-0404: CWE-20 Improper Input Validation in NETGEAR RBRE960
An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is not enabled by default.
AI Analysis
Technical Summary
CVE-2026-0404 identifies an improper input validation vulnerability (CWE-20) in the DHCPv6 functionality of the NETGEAR Orbi RBRE960 router. The flaw allows an attacker who is network adjacent and authenticated over WiFi or LAN to inject arbitrary OS commands on the router. This occurs because the DHCPv6 input is not sufficiently sanitized before being processed, enabling command injection attacks. DHCPv6 is not enabled by default, which limits the exposure to only those environments where it has been explicitly activated. The vulnerability requires the attacker to have low-level privileges (authenticated user) but does not require user interaction beyond authentication. The CVSS v4.0 score of 4.8 reflects a medium severity, considering the attack vector is adjacent network, attack complexity is low, and privileges required are low. The vulnerability impacts the confidentiality, integrity, and availability of the router and potentially the broader network it manages. No patches or known exploits are currently reported, indicating the vulnerability is newly disclosed and not yet widely exploited. The vulnerability was reserved in December 2025 and published in January 2026, indicating recent discovery. This vulnerability is particularly relevant for organizations and individuals using the RBRE960 model with DHCPv6 enabled, which is common in IPv6-enabled networks.
Potential Impact
The impact of CVE-2026-0404 can be significant for organizations using NETGEAR Orbi RBRE960 routers with DHCPv6 enabled. Successful exploitation allows attackers to execute arbitrary OS commands on the router, potentially leading to full device compromise. This can result in unauthorized access to network traffic, manipulation or disruption of network services, and pivoting to other internal systems. Confidentiality is at risk as attackers could intercept or redirect traffic. Integrity is compromised through unauthorized configuration changes or malware installation. Availability could be affected by denial-of-service conditions caused by malicious commands. Since the vulnerability requires authentication, the risk is somewhat mitigated but still notable in environments where WiFi or LAN access is not tightly controlled. Small businesses and residential users with default or weak WiFi credentials are particularly vulnerable. The lack of known exploits suggests limited current impact but also means organizations should act proactively. The medium severity score reflects a moderate but actionable risk, especially in IPv6-enabled networks where DHCPv6 is used.
Mitigation Recommendations
To mitigate CVE-2026-0404, organizations should:
- First verify if DHCPv6 is enabled on their NETGEAR Orbi RBRE960 devices; if it is not required, disable DHCPv6 to eliminate the attack surface.
- If DHCPv6 is necessary, restrict network access to trusted users only by enforcing strong WiFi and LAN authentication mechanisms, including complex passwords and network segmentation.
- Monitor router logs for unusual DHCPv6 activity or command execution attempts.
- Apply any available firmware updates from NETGEAR promptly once released, as no patches are currently available.
- Consider implementing network-level protections such as firewall rules to limit DHCPv6 traffic to authorized devices.
- Regularly audit device configurations and access controls to ensure no unauthorized changes have occurred.
- Educate users about the risks of enabling unnecessary services and the importance of strong authentication.
- For environments requiring IPv6, consider alternative DHCPv6 implementations or devices with confirmed secure input validation.
- Maintain an incident response plan to quickly isolate and remediate compromised devices.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: NETGEAR
- Date Reserved: 2025-12-03T04:16:10.186Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69667237a60475309f879e8e
Added to database: 1/13/2026, 4:26:31 PM
Last enriched: 2/27/2026, 7:39:38 AM
Last updated: 3/24/2026, 12:36:15 AM