CVE-2026-0407
Unknown Unknown - Not Provided
Insufficient Authentication in NETGEAR WiFi Extenders Allows Admin Access

Publication date: 2026-01-13

Last updated on: 2026-02-20

Assigner: Netgear, Inc.

Description
An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-02-20
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0407
EUVD
EUVD-2026-2231
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
netgear ex5000_firmware to 1.0.1.82 (exc)
netgear ex3110_firmware to 1.0.1.82 (exc)
netgear ex6110_firmware to 1.0.1.82 (exc)
netgear ex2800_firmware to 1.0.1.82 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an insufficient authentication flaw in NETGEAR WiFi range extenders. It allows an attacker who is either connected to the WiFi network or physically connected via an Ethernet port to bypass the authentication process and gain access to the device's admin panel.

Impact Analysis

If exploited, this vulnerability could allow an attacker to access the admin panel of the NETGEAR WiFi range extender without proper authentication. This could lead to unauthorized changes to device settings, potential network compromise, and exposure of sensitive network information.

Mitigation Strategies

To mitigate this vulnerability, ensure that your NETGEAR WiFi range extender has the latest firmware installed. If your device does not have automatic updates enabled, manually verify the firmware version and update it to the latest release provided by NETGEAR to prevent exploitation. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0407. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart