CVE-2026-0405

Description

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

CVSS breakdown

CVSS 4.0

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

E

Unchanged

AU

None

R

Unchanged

V

D

RE

M

U

Amber

Affected products

NETGEAR / CBR7500 – V4.6.14.8
NETGEAR / NBR7500 – V4.6.15.14
NETGEAR / RBE3700 – v12.1.3.11
NETGEAR / RBE3710 – v12.1.3.11
NETGEAR / RBE3720 – v12.1.3.11
NETGEAR / RBE3730 – v12.1.3.11
NETGEAR / RBE3740 – v12.1.3.11
NETGEAR / RBE7700 – v10.5.20.7
NETGEAR / RBE7710 – v10.5.20.7
NETGEAR / RBE7720 – v10.5.20.7
NETGEAR / RBE7730 – v10.5.20.7
NETGEAR / RBE9700 – v9.13.2.1
NETGEAR / RBE9710 – v9.13.2.1
NETGEAR / RBR7500 – v7.2.8.2
NETGEAR / RBR8400 – v7.2.8.2
NETGEAR / RBR8500 – v7.2.8.2
NETGEAR / RBR8600 – v7.2.8.2
NETGEAR / RBRE9500 – v7.2.8.2
NETGEAR / RBRE9600 – v7.2.8.2
NETGEAR / RBS7500 – v7.2.8.2
NETGEAR / RBS8400 – v7.2.8.2
NETGEAR / RBS8500 – v7.2.8.2
NETGEAR / RBS8600 – v7.2.8.2
NETGEAR / RBSE9500 – v7.2.8.2
NETGEAR / RBSE9600 – v7.2.8.2

Description

CVSS breakdown

Affected products

References