RouterCVE

Router CVE Weekly Digest — Week of Jan 12, 2026

Published January 12, 2026 · RouterCVE Weekly Digest

18 CVEs 2 Critical10 High5 Medium1 Low

Affected Vendors

  • Fortinet: 6 CVEs (2 critical, 3 high, 1 medium, 1 low)
  • NETGEAR: 6 CVEs (6 high)
  • Cisco: 3 CVEs (3 medium)
  • TP-Link: 1 CVE (1 high)
  • Palo Alto Networks: 1 CVE (1 high)
  • OpenWrt / DD-WRT: 1 CVE (1 medium)

Critical Vulnerabilities

This week brings two critical vulnerabilities from Fortinet that demand immediate attention. CVE-2025-64155 (CVSS 9.8) is an OS command injection flaw in FortiSIEM that affects versions 7.4.0 and 7.3.0 through 7.3.4. An unauthenticated attacker can exploit this to execute arbitrary commands on affected devices. Similarly, CVE-2025-47855 (CVSS 9.8) exposes sensitive information in FortiFone 7.0.0–7.0.1 and 3.0.13–3.0.23 to unauthenticated attackers. Both require urgent patching — check Fortinet's security advisories for available updates immediately.

High-Severity Issues

NETGEAR dominates this week with six high-severity vulnerabilities, all stemming from insufficient input validation or authentication weaknesses. The most concerning cluster affects Orbi routers:

  • CVE-2026-0403 (CVSS 8.0) — OS command injection via LAN access
  • CVE-2026-0404 (CVSS 8.0) — DHCPv6 command injection accessible to WiFi/LAN-authenticated attackers
  • CVE-2026-0405 (CVSS 7.8) — Authentication bypass allowing admin access from the local network

Additionally, the XR1000v2 (CVE-2026-0406, CVSS 8.0) and WiFi range extenders (CVE-2026-0408, CVSS 8.0 path traversal; CVE-2026-0407, CVSS 8.0 insufficient authentication) all have LAN-adjacent attack surfaces. While these require local network access, they're significant for MSPs managing mixed deployments where guest networks or BYOD access exists.

Fortinet also contributed CVE-2025-25249 (CVSS 8.1), a heap-based buffer overflow in FortiOS spanning versions 6.4 through 7.6.3. This affects a wide range of FortiGate deployments and should be prioritized alongside the critical issues.

TP-Link TL-WR841N v14 users should patch CVE-2025-9014 (CVSS 7.5), a null pointer dereference in the web portal's referer header validation. Palo Alto Networks PAN-OS users need to address CVE-2026-0227 (CVSS 7.5), an unauthenticated denial-of-service vulnerability.

Medium and Low Severity

Fortinet's CVE-2025-58693 (CVSS 6.5) is a path traversal in FortiVoice 7.2.0–7.2.2, and CVE-2025-59922 (CVSS 7.2) is SQL injection in FortiClient. Cisco reported three medium-severity management interface issues (CVE-2026-20047, CVE-2026-20075, CVE-2026-20076, all CVSS 4.8). OpenWrt/DD-WRT users should apply kernel patches for CVE-2025-71126 (CVSS 5.5), an MPTCP deadlock issue.

Recommendations

  • Immediate: Patch Fortinet's critical vulnerabilities (CVE-2025-64155, CVE-2025-47855) and buffer overflow (CVE-2025-25249)
  • This week: Roll out NETGEAR Orbi and XR1000v2 firmware updates for CVE-2026-0403–0408
  • Routine: Address TP-Link, Palo Alto, and Cisco issues on your standard patching schedule
  • Monitor your router inventory for affected models and firmware versions using RouterCVE's search tool
« All weekly digests