CVE-2026-0405

HIGH

Netgear Cbr750 Firmware < 4.6.14.8 - Authentication Bypass

Title source: rule

Description

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

References (26)

[Patch, Vendor Advisory] https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory

[Patch, Product] https://www.netgear.com/support/product/cbr750

[Patch, Product] https://www.netgear.com/support/product/nbr750

[Patch, Product] https://www.netgear.com/support/product/rbe370

[Patch, Product] https://www.netgear.com/support/product/rbe371

[Patch, Product] https://www.netgear.com/support/product/rbe372

[Patch, Product] https://www.netgear.com/support/product/rbe373

[Patch, Product] https://www.netgear.com/support/product/rbe374

[Patch, Product] https://www.netgear.com/support/product/rbe770

[Patch, Product] https://www.netgear.com/support/product/rbe771

[Patch, Product] https://www.netgear.com/support/product/rbe772

[Patch, Product] https://www.netgear.com/support/product/rbe773

[Patch, Product] https://www.netgear.com/support/product/rbe970

[Patch, Product] https://www.netgear.com/support/product/rbe971

[Patch, Product] https://www.netgear.com/support/product/rbr750

[Patch, Product] https://www.netgear.com/support/product/rbr840

[Patch, Product] https://www.netgear.com/support/product/rbr850

[Patch, Product] https://www.netgear.com/support/product/rbr860

[Patch, Product] https://www.netgear.com/support/product/rbre950

[Patch, Product] https://www.netgear.com/support/product/rbre960

... and 6 more

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 8.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-287

Status published

Affected Products (25)

netgear/cbr750_firmware < 4.6.14.8

netgear/nbr750_firmware < 4.6.15.14

netgear/rbe370_firmware < 12.1.3.11

netgear/rbe371_firmware < 12.1.3.11

netgear/rbe372_firmware < 12.1.3.11

netgear/rbe373_firmware < 12.1.3.11

netgear/rbe374_firmware < 12.1.3.11

netgear/rbe770_firmware < 10.5.20.7

netgear/rbe771_firmware < 10.5.20.7

netgear/rbe772_firmware < 10.5.20.7

netgear/rbe773_firmware < 10.5.20.7

netgear/rbe970_firmware < 9.13.2.1

netgear/rbe971_firmware < 9.13.2.1

netgear/rbr750_firmware < 7.2.8.2

netgear/rbr840_firmware < 7.2.8.2

... and 10 more

Timeline

Published Jan 13, 2026

Tracked Since Feb 18, 2026