CVE-2026-0407
Unknown Unknown - Not Provided

Insufficient Authentication in NETGEAR WiFi Extenders Allows Admin Access

Vulnerability report for CVE-2026-0407, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-13

Last updated on: 2026-02-20

Assigner: Netgear, Inc.

Description

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-13
Last Modified
2026-02-20
Generated
2026-07-06
AI Q&A
2026-01-14
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
netgear ex5000_firmware to 1.0.1.82 (exc)
netgear ex3110_firmware to 1.0.1.82 (exc)
netgear ex6110_firmware to 1.0.1.82 (exc)
netgear ex2800_firmware to 1.0.1.82 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an insufficient authentication flaw in NETGEAR WiFi range extenders. It allows an attacker who is either connected to the WiFi network or physically connected via an Ethernet port to bypass the authentication process and gain access to the device's admin panel.

Impact Analysis

If exploited, this vulnerability could allow an attacker to access the admin panel of the NETGEAR WiFi range extender without proper authentication. This could lead to unauthorized changes to device settings, potential network compromise, and exposure of sensitive network information.

Mitigation Strategies

To mitigate this vulnerability, ensure that your NETGEAR WiFi range extender has the latest firmware installed. If your device does not have automatic updates enabled, manually verify the firmware version and update it to the latest release provided by NETGEAR to prevent exploitation. [2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0407. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart