CVE-2026-0405
HIGH WAF: Low
CVSS 7.8
Published: 2026-01-13
CWE-287
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| netgear | cbr750_firmware | up to 4.6.14.8 |
| netgear | nbr750_firmware | up to 4.6.15.14 |
| netgear | rbe370_firmware | up to 12.1.3.11 |
| netgear | rbe371_firmware | up to 12.1.3.11 |
| netgear | rbe372_firmware | up to 12.1.3.11 |
| netgear | rbe373_firmware | up to 12.1.3.11 |
| netgear | rbe374_firmware | up to 12.1.3.11 |
| netgear | rbe770_firmware | up to 10.5.20.7 |
| netgear | rbe771_firmware | up to 10.5.20.7 |
| netgear | rbe772_firmware | up to 10.5.20.7 |
References
- kb.netgear.com (Patch, Vendor Advisory)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)