CVE-2026-0405

CWE-287Improper Authentication3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.0%
top 90.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
50
Netgear Cbr750Netgear Nbr750Netgear Rbe370+47 more
Timeline
PublishedJan 13

Description

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages50 packages

CVEListV5netgear/cbr750< V4.6.14.8
CVEListV5netgear/nbr750< V4.6.15.14
CVEListV5netgear/rbe370< v12.1.3.11
CVEListV5netgear/rbe371< v12.1.3.11
CVEListV5netgear/rbe372< v12.1.3.11

Patches

Patch: kb.netgear.comPatch: www.netgear.comPatch: www.netgear.com

🔴Vulnerability Details

2
GHSA
GHSA-2cqm-696m-6jx3: An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an ad2026-01-13
CVEList
Authentication Bypass in NETGEAR Orbi Devices2026-01-13
CVE-2026-0405 (MEDIUM CVSS 6.1) | An authentication bypass vulnerabil | cvebase.io