CVE-2026-0405
published 2026-01-13CVE-2026-0405: An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
medium6.1CVSS 4.0
AVAACLATNPRLUINVCHVIHVAHSCNSINSANEUCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUNRUVDREMUAmber
An authentication bypass vulnerability in NETGEAR Orbi devices allows
users connected to the local network to access the router web interface
as an admin.
Affected
50 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netgear | cbr750 | < V4.6.14.8 | V4.6.14.8 |
| netgear | cbr750_firmware | < 4.6.14.8 | 4.6.14.8 |
| netgear | nbr750 | < V4.6.15.14 | V4.6.15.14 |
| netgear | nbr750_firmware | < 4.6.15.14 | 4.6.15.14 |
| netgear | rbe370 | < v12.1.3.11 | v12.1.3.11 |
| netgear | rbe370_firmware | < 12.1.3.11 | 12.1.3.11 |
| netgear | rbe371 | < v12.1.3.11 | v12.1.3.11 |
| netgear | rbe371_firmware | < 12.1.3.11 | 12.1.3.11 |
| netgear | rbe372 | < v12.1.3.11 | v12.1.3.11 |
| netgear | rbe372_firmware | < 12.1.3.11 | 12.1.3.11 |
| netgear | rbe373 | < v12.1.3.11 | v12.1.3.11 |
| netgear | rbe373_firmware | < 12.1.3.11 | 12.1.3.11 |
| netgear | rbe374 | < v12.1.3.11 | v12.1.3.11 |
| netgear | rbe374_firmware | < 12.1.3.11 | 12.1.3.11 |
| netgear | rbe770 | < v10.5.20.7 | v10.5.20.7 |
| netgear | rbe770_firmware | < 10.5.20.7 | 10.5.20.7 |
| netgear | rbe771 | < v10.5.20.7 | v10.5.20.7 |
| netgear | rbe771_firmware | < 10.5.20.7 | 10.5.20.7 |
| netgear | rbe772 | < v10.5.20.7 | v10.5.20.7 |
| netgear | rbe772_firmware | < 10.5.20.7 | 10.5.20.7 |
| netgear | rbe773 | < v10.5.20.7 | v10.5.20.7 |
| netgear | rbe773_firmware | < 10.5.20.7 | 10.5.20.7 |
| netgear | rbe970 | < v9.13.2.1 | v9.13.2.1 |
| netgear | rbe970_firmware | < 9.13.2.1 | 9.13.2.1 |
| netgear | rbe971 | < v9.13.2.1 | v9.13.2.1 |