CVE-2026-0405
Last modified
CVE-2026-0405 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Cbr750 Firmware | < 4.6.14.8 |
| Netgear | Nbr750 Firmware | < 4.6.15.14 |
| Netgear | Rbe370 Firmware | < 12.1.3.11 |
| Netgear | Rbe371 Firmware | < 12.1.3.11 |
| Netgear | Rbe372 Firmware | < 12.1.3.11 |
| Netgear | Rbe373 Firmware | < 12.1.3.11 |
| Netgear | Rbe374 Firmware | < 12.1.3.11 |
| Netgear | Rbe770 Firmware | < 10.5.20.7 |
| Netgear | Rbe771 Firmware | < 10.5.20.7 |
| Netgear | Rbe772 Firmware | < 10.5.20.7 |
| Netgear | Rbe773 Firmware | < 10.5.20.7 |
| Netgear | Rbe970 Firmware | < 9.13.2.1 |
| Netgear | Rbe971 Firmware | < 9.13.2.1 |
| Netgear | Rbr750 Firmware | < 7.2.8.2 |
| Netgear | Rbr840 Firmware | < 7.2.8.2 |
| Netgear | Rbr850 Firmware | < 7.2.8.2 |
| Netgear | Rbr860 Firmware | < 7.2.8.2 |
| Netgear | Rbs750 Firmware | < 7.2.8.2 |
| Netgear | Rbs840 Firmware | < 7.2.8.2 |
| Netgear | Rbs850 Firmware | < 7.2.8.2 |
| Netgear | Rbs860 Firmware | < 7.2.8.2 |
| Netgear | Rbre950 Firmware | < 7.2.8.2 |
| Netgear | Rbre960 Firmware | < 7.2.8.2 |
| Netgear | Rbse950 Firmware | < 7.2.8.2 |
| Netgear | Rbse960 Firmware | < 7.2.8.2 |
References
- https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-AdvisoryPatch, Vendor Advisory
- https://www.netgear.com/support/product/cbr750Patch, Product
- https://www.netgear.com/support/product/nbr750Patch, Product
- https://www.netgear.com/support/product/rbe370Patch, Product
- https://www.netgear.com/support/product/rbe371Patch, Product
- https://www.netgear.com/support/product/rbe372Patch, Product
- https://www.netgear.com/support/product/rbe373Patch, Product
- https://www.netgear.com/support/product/rbe374Patch, Product
- https://www.netgear.com/support/product/rbe770Patch, Product
- https://www.netgear.com/support/product/rbe771Patch, Product
- https://www.netgear.com/support/product/rbe772Patch, Product
- https://www.netgear.com/support/product/rbe773Patch, Product
- https://www.netgear.com/support/product/rbe970Patch, Product
- https://www.netgear.com/support/product/rbe971Patch, Product
- https://www.netgear.com/support/product/rbr750Patch, Product
- https://www.netgear.com/support/product/rbr840Patch, Product
- https://www.netgear.com/support/product/rbr850Patch, Product
- https://www.netgear.com/support/product/rbr860Patch, Product
- https://www.netgear.com/support/product/rbre950Patch, Product
- https://www.netgear.com/support/product/rbre960Patch, Product
- https://www.netgear.com/support/product/rbs750Patch, Product
- https://www.netgear.com/support/product/rbs840Patch, Product
- https://www.netgear.com/support/product/rbs850Patch, Product
- https://www.netgear.com/support/product/rbs860Patch, Product
- https://www.netgear.com/support/product/rbse950Patch, Product
- https://www.netgear.com/support/product/rbse960Patch, Product
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-0405?
How severe is CVE-2026-0405?
How do I fix CVE-2026-0405?
Are you affected by CVE-2026-0405?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST