CVE-2026-0405
Unknown Unknown - Not Provided
Authentication Bypass in NETGEAR Orbi Allows Admin Access

Publication date: 2026-01-13

Last updated on: 2026-02-12

Assigner: Netgear, Inc.

Description
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0405
EUVD
EUVD-2026-2237
Affected Vendors & Products
Showing 25 associated CPEs
Vendor Product Version / Range
netgear cbr750_firmware to 4.6.14.8 (exc)
netgear nbr750_firmware to 4.6.15.14 (exc)
netgear rbe370_firmware to 12.1.3.11 (exc)
netgear rbe371_firmware to 12.1.3.11 (exc)
netgear rbe372_firmware to 12.1.3.11 (exc)
netgear rbe373_firmware to 12.1.3.11 (exc)
netgear rbe374_firmware to 12.1.3.11 (exc)
netgear rbe770_firmware to 10.5.20.7 (exc)
netgear rbe771_firmware to 10.5.20.7 (exc)
netgear rbe772_firmware to 10.5.20.7 (exc)
netgear rbe773_firmware to 10.5.20.7 (exc)
netgear rbe970_firmware to 9.13.2.1 (exc)
netgear rbe971_firmware to 9.13.2.1 (exc)
netgear rbr750_firmware to 7.2.8.2 (exc)
netgear rbr840_firmware to 7.2.8.2 (exc)
netgear rbr850_firmware to 7.2.8.2 (exc)
netgear rbr860_firmware to 7.2.8.2 (exc)
netgear rbs750_firmware to 7.2.8.2 (exc)
netgear rbs840_firmware to 7.2.8.2 (exc)
netgear rbs850_firmware to 7.2.8.2 (exc)
netgear rbs860_firmware to 7.2.8.2 (exc)
netgear rbre950_firmware to 7.2.8.2 (exc)
netgear rbre960_firmware to 7.2.8.2 (exc)
netgear rbse950_firmware to 7.2.8.2 (exc)
netgear rbse960_firmware to 7.2.8.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an authentication bypass in NETGEAR Orbi devices that allows users connected to the local network to access the router's web interface with administrative privileges without proper authentication.

Impact Analysis

An attacker or unauthorized user on the local network could gain admin access to the router's web interface, potentially allowing them to change settings, intercept network traffic, or compromise the network's security.

Mitigation Strategies

To mitigate the authentication bypass vulnerability in NETGEAR Orbi devices, ensure that your devices have the latest firmware updates installed. If automatic updates are not enabled, manually verify your firmware version and update to the latest release promptly to prevent exploitation. [13]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0405. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart