CVE-2026-0407
HIGH WAF: Low
CVSS 8.0
Published: 2026-01-13
CWE-287
An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| netgear | ex5000_firmware | up to 1.0.1.82 |
| netgear | ex3110_firmware | up to 1.0.1.82 |
| netgear | ex6110_firmware | up to 1.0.1.82 |
| netgear | ex2800_firmware | up to 1.0.1.82 |
References
- kb.netgear.com (Vendor Advisory)
- www.netgear.com (Product)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)
- www.netgear.com (Patch, Product)