CVE-2026-0407 — Improper Authentication in Netgear Ex2800

CWE-287 — Improper Authentication3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 77.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Ex2800 Netgear Ex3110 Netgear Ex5000 +5 more

Timeline

PublishedJan 13

Description

An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages8 packages

▶CVEListV5netgear/ex2800< v1.0.1.82

▶CVEListV5netgear/ex3110< v1.0.1.82

▶CVEListV5netgear/ex5000< v1.0.1.82

▶CVEListV5netgear/ex6110< v1.0.1.82

▶NVDnetgear/ex2800_firmware< 1.0.1.82

Patches

Patch: www.netgear.com ↗Patch: www.netgear.com ↗Patch: www.netgear.com ↗

🔴Vulnerability Details

CVEList

Authentication bypass in NETGEAR WiFi Range Extenders via network adjacent attacks↗2026-01-13

▶

GHSA

GHSA-56jh-3q9p-9x3q: An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical↗2026-01-13

▶