CVE-2026-0405
HIGHNETGEAR Orbi Firmware - Unauthenticated Authentication Bypass
Title source: llmDescription
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
References (26)
Core 26
Core References
Patch, Product patch
product
https://www.netgear.com/support/product/rbe971
Patch, Product patch
product
https://www.netgear.com/support/product/rbe970
Patch, Product patch
product
https://www.netgear.com/support/product/cbr750
Patch, Product patch
product
https://www.netgear.com/support/product/nbr750
Patch, Product patch
product
https://www.netgear.com/support/product/rbe770
Patch, Product patch
product
https://www.netgear.com/support/product/rbe771
Patch, Product patch
product
https://www.netgear.com/support/product/rbe772
Patch, Product patch
product
https://www.netgear.com/support/product/rbe773
Patch, Product patch
product
https://www.netgear.com/support/product/rbr750
Patch, Product patch
product
https://www.netgear.com/support/product/rbs750
Patch, Product patch
product
https://www.netgear.com/support/product/rbr840
Patch, Product patch
product
https://www.netgear.com/support/product/rbs840
Patch, Product patch
product
https://www.netgear.com/support/product/rbr850
Patch, Product patch
product
https://www.netgear.com/support/product/rbs850
Patch, Product patch
product
https://www.netgear.com/support/product/rbr860
Patch, Product patch
product
https://www.netgear.com/support/product/rbs860
Patch, Product patch
product
https://www.netgear.com/support/product/rbre950
Patch, Product patch
product
https://www.netgear.com/support/product/rbse950
Patch, Product patch
product
https://www.netgear.com/support/product/rbre960
Patch, Product patch
product
https://www.netgear.com/support/product/rbse960
Patch, Product patch
product
https://www.netgear.com/support/product/rbe370
Patch, Product patch
product
https://www.netgear.com/support/product/rbe371
Patch, Product patch
product
https://www.netgear.com/support/product/rbe372
Patch, Product patch
product
https://www.netgear.com/support/product/rbe373
Patch, Product patch
product
https://www.netgear.com/support/product/rbe374
Patch, Vendor Advisory vendor-advisory
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
Scores
CVSS v3
7.8
EPSS
0.0033
EPSS Percentile
24.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-287
Status
published
Products (25)
netgear/cbr750_firmware
< 4.6.14.8
netgear/nbr750_firmware
< 4.6.15.14
netgear/rbe370_firmware
< 12.1.3.11
netgear/rbe371_firmware
< 12.1.3.11
netgear/rbe372_firmware
< 12.1.3.11
netgear/rbe373_firmware
< 12.1.3.11
netgear/rbe374_firmware
< 12.1.3.11
netgear/rbe770_firmware
< 10.5.20.7
netgear/rbe771_firmware
< 10.5.20.7
netgear/rbe772_firmware
< 10.5.20.7
... and 15 more
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026