CVE-2026-0405

HIGH

Netgear Cbr750 Firmware < 4.6.14.8 - Authentication Bypass

Title source: rule
STIX 2.1

Description

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

References (26)

... and 6 more

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 9.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-287
Status published
Products (25)
netgear/cbr750_firmware < 4.6.14.8
netgear/nbr750_firmware < 4.6.15.14
netgear/rbe370_firmware < 12.1.3.11
netgear/rbe371_firmware < 12.1.3.11
netgear/rbe372_firmware < 12.1.3.11
netgear/rbe373_firmware < 12.1.3.11
netgear/rbe374_firmware < 12.1.3.11
netgear/rbe770_firmware < 10.5.20.7
netgear/rbe771_firmware < 10.5.20.7
netgear/rbe772_firmware < 10.5.20.7
... and 15 more
Published Jan 13, 2026
Tracked Since Feb 18, 2026