CVE-2026-0405 - Vulnerability Details

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Netgear	Cbr750 Cbr750 Firmware Nbr750 Nbr750 Firmware Rbe370 Rbe370 Firmware Rbe371 Rbe371 Firmware Rbe372 Rbe372 Firmware Rbe373 Rbe373 Firmware Rbe374 Rbe374 Firmware Rbe770 Rbe770 Firmware Rbe771 Rbe771 Firmware Rbe772 Rbe772 Firmware Rbe773 Rbe773 Firmware Rbe970 Rbe970 Firmware Rbe971 Rbe971 Firmware Rbr750 Rbr750 Firmware Rbr840 Rbr840 Firmware Rbr850 Rbr850 Firmware Rbr860 Rbr860 Firmware Rbre950 Rbre950 Firmware Rbre960 Rbre960 Firmware Rbs750 Rbs750 Firmware Rbs840 Rbs840 Firmware Rbs850 Rbs850 Firmware Rbs860 Rbs860 Firmware Rbse950 Rbse950 Firmware Rbse960 Rbse960 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:netgear:cbr750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:cbr750:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netgear:nbr750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:nbr750:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netgear:rbe370_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe370:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netgear:rbe371_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe371:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:netgear:rbe372_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe372:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:netgear:rbe373_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe373:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:netgear:rbe374_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe374:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:netgear:rbe770_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe770:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:netgear:rbe771_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe771:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:netgear:rbe772_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe772:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:netgear:rbe773_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe773:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:netgear:rbe970_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe970:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:netgear:rbe971_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbe971:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:netgear:rbr750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr750:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:netgear:rbr840_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr840:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:netgear:rbr850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr850:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:netgear:rbr860_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbr860:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:netgear:rbs750_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs750:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:netgear:rbs840_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs840:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:netgear:rbs850_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs850:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:netgear:rbs860_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbs860:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:netgear:rbre950_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbre950:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:netgear:rbre960_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbre960:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:netgear:rbse950_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbse950:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:netgear:rbse960_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:netgear:rbse960:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
https://www.netgear.com/support/product/cbr750
https://www.netgear.com/support/product/nbr750
https://www.netgear.com/support/product/rbe370
https://www.netgear.com/support/product/rbe371
https://www.netgear.com/support/product/rbe372
https://www.netgear.com/support/product/rbe373
https://www.netgear.com/support/product/rbe374
https://www.netgear.com/support/product/rbe770
https://www.netgear.com/support/product/rbe771
https://www.netgear.com/support/product/rbe772
https://www.netgear.com/support/product/rbe773
https://www.netgear.com/support/product/rbe970
https://www.netgear.com/support/product/rbe971
https://www.netgear.com/support/product/rbr750
https://www.netgear.com/support/product/rbr840
https://www.netgear.com/support/product/rbr850
https://www.netgear.com/support/product/rbr860
https://www.netgear.com/support/product/rbre950
https://www.netgear.com/support/product/rbre960
https://www.netgear.com/support/product/rbs750
https://www.netgear.com/support/product/rbs840
https://www.netgear.com/support/product/rbs850
https://www.netgear.com/support/product/rbs860
https://www.netgear.com/support/product/rbse950
https://www.netgear.com/support/product/rbse960

History

Thu, 12 Feb 2026 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netgear cbr750 Firmware Netgear nbr750 Firmware Netgear rbe370 Firmware Netgear rbe371 Firmware Netgear rbe372 Firmware Netgear rbe373 Firmware Netgear rbe374 Firmware Netgear rbe770 Firmware Netgear rbe771 Firmware Netgear rbe772 Firmware Netgear rbe773 Firmware Netgear rbe970 Firmware Netgear rbe971 Firmware Netgear rbr750 Firmware Netgear rbr840 Firmware Netgear rbr850 Firmware Netgear rbr860 Firmware Netgear rbre950 Firmware Netgear rbre960 Firmware Netgear rbs750 Firmware Netgear rbs840 Firmware Netgear rbs850 Firmware Netgear rbs860 Firmware Netgear rbse950 Firmware Netgear rbse960 Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:netgear:cbr750:-:::::::* cpe:2.3:h:netgear:nbr750:-:::::::* cpe:2.3:h:netgear:rbe370:-:::::::* cpe:2.3:h:netgear:rbe371:-:::::::* cpe:2.3:h:netgear:rbe372:-:::::::* cpe:2.3:h:netgear:rbe373:-:::::::* cpe:2.3:h:netgear:rbe374:-:::::::* cpe:2.3:h:netgear:rbe770:-:::::::* cpe:2.3:h:netgear:rbe771:-:::::::* cpe:2.3:h:netgear:rbe772:-:::::::* cpe:2.3:h:netgear:rbe773:-:::::::* cpe:2.3:h:netgear:rbe970:-:::::::* cpe:2.3:h:netgear:rbe971:-:::::::* cpe:2.3:h:netgear:rbr750:-:::::::* cpe:2.3:h:netgear:rbr840:-:::::::* cpe:2.3:h:netgear:rbr850:-:::::::* cpe:2.3:h:netgear:rbr860:-:::::::* cpe:2.3:h:netgear:rbre950:-:::::::* cpe:2.3:h:netgear:rbre960:-:::::::* cpe:2.3:h:netgear:rbs750:-:::::::* cpe:2.3:h:netgear:rbs840:-:::::::* cpe:2.3:h:netgear:rbs850:-:::::::* cpe:2.3:h:netgear:rbs860:-:::::::* cpe:2.3:h:netgear:rbse950:-:::::::* cpe:2.3:h:netgear:rbse960:-:::::::* cpe:2.3:o:netgear:cbr750_firmware:::::::: cpe:2.3:o:netgear:nbr750_firmware:::::::: cpe:2.3:o:netgear:rbe370_firmware:::::::: cpe:2.3:o:netgear:rbe371_firmware:::::::: cpe:2.3:o:netgear:rbe372_firmware:::::::: cpe:2.3:o:netgear:rbe373_firmware:::::::: cpe:2.3:o:netgear:rbe374_firmware:::::::: cpe:2.3:o:netgear:rbe770_firmware:::::::: cpe:2.3:o:netgear:rbe771_firmware:::::::: cpe:2.3:o:netgear:rbe772_firmware:::::::: cpe:2.3:o:netgear:rbe773_firmware:::::::: cpe:2.3:o:netgear:rbe970_firmware:::::::: cpe:2.3:o:netgear:rbe971_firmware:::::::: cpe:2.3:o:netgear:rbr750_firmware:::::::: cpe:2.3:o:netgear:rbr840_firmware:::::::: cpe:2.3:o:netgear:rbr850_firmware:::::::: cpe:2.3:o:netgear:rbr860_firmware:::::::: cpe:2.3:o:netgear:rbre950_firmware:::::::: cpe:2.3:o:netgear:rbre960_firmware:::::::: cpe:2.3:o:netgear:rbs750_firmware:::::::: cpe:2.3:o:netgear:rbs840_firmware:::::::: cpe:2.3:o:netgear:rbs850_firmware:::::::: cpe:2.3:o:netgear:rbs860_firmware:::::::: cpe:2.3:o:netgear:rbse950_firmware:::::::: cpe:2.3:o:netgear:rbse960_firmware::::::::
Vendors & Products		Netgear cbr750 Firmware Netgear nbr750 Firmware Netgear rbe370 Firmware Netgear rbe371 Firmware Netgear rbe372 Firmware Netgear rbe373 Firmware Netgear rbe374 Firmware Netgear rbe770 Firmware Netgear rbe771 Firmware Netgear rbe772 Firmware Netgear rbe773 Firmware Netgear rbe970 Firmware Netgear rbe971 Firmware Netgear rbr750 Firmware Netgear rbr840 Firmware Netgear rbr850 Firmware Netgear rbr860 Firmware Netgear rbre950 Firmware Netgear rbre960 Firmware Netgear rbs750 Firmware Netgear rbs840 Firmware Netgear rbs850 Firmware Netgear rbs860 Firmware Netgear rbse950 Firmware Netgear rbse960 Firmware
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Tue, 13 Jan 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Jan 2026 16:30:00 +0000

Type	Values Removed	Values Added
References		https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory

Tue, 13 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
Title		Authentication Bypass in NETGEAR Orbi Devices
First Time appeared		Netgear Netgear cbr750 Netgear nbr750 Netgear rbe370 Netgear rbe371 Netgear rbe372 Netgear rbe373 Netgear rbe374 Netgear rbe770 Netgear rbe771 Netgear rbe772 Netgear rbe773 Netgear rbe970 Netgear rbe971 Netgear rbr750 Netgear rbr840 Netgear rbr850 Netgear rbr860 Netgear rbre950 Netgear rbre960 Netgear rbs750 Netgear rbs840 Netgear rbs850 Netgear rbs860 Netgear rbse950 Netgear rbse960
Weaknesses		CWE-287
CPEs		cpe:2.3:h:netgear:cbr750:::::::: cpe:2.3:h:netgear:nbr750:::::::: cpe:2.3:h:netgear:rbe370:::::::: cpe:2.3:h:netgear:rbe371:::::::: cpe:2.3:h:netgear:rbe372:::::::: cpe:2.3:h:netgear:rbe373:::::::: cpe:2.3:h:netgear:rbe374:::::::: cpe:2.3:h:netgear:rbe770:::::::: cpe:2.3:h:netgear:rbe771:::::::: cpe:2.3:h:netgear:rbe772:::::::: cpe:2.3:h:netgear:rbe773:::::::: cpe:2.3:h:netgear:rbe970:::::::: cpe:2.3:h:netgear:rbe971:::::::: cpe:2.3:h:netgear:rbr750:::::::: cpe:2.3:h:netgear:rbr840:::::::: cpe:2.3:h:netgear:rbr850:::::::: cpe:2.3:h:netgear:rbr860:::::::: cpe:2.3:h:netgear:rbre950:::::::: cpe:2.3:h:netgear:rbre960:::::::: cpe:2.3:h:netgear:rbs750:::::::: cpe:2.3:h:netgear:rbs840:::::::: cpe:2.3:h:netgear:rbs850:::::::: cpe:2.3:h:netgear:rbs860:::::::: cpe:2.3:h:netgear:rbse950:::::::: cpe:2.3:h:netgear:rbse960::::::::
Vendors & Products		Netgear Netgear cbr750 Netgear nbr750 Netgear rbe370 Netgear rbe371 Netgear rbe372 Netgear rbe373 Netgear rbe374 Netgear rbe770 Netgear rbe771 Netgear rbe772 Netgear rbe773 Netgear rbe970 Netgear rbe971 Netgear rbr750 Netgear rbr840 Netgear rbr850 Netgear rbr860 Netgear rbre950 Netgear rbre960 Netgear rbs750 Netgear rbs840 Netgear rbs850 Netgear rbs860 Netgear rbse950 Netgear rbse960
References		https://www.netgear.com/support/product/cbr750 https://www.netgear.com/support/product/nbr750 https://www.netgear.com/support/product/rbe370 https://www.netgear.com/support/product/rbe371 https://www.netgear.com/support/product/rbe372 https://www.netgear.com/support/product/rbe373 https://www.netgear.com/support/product/rbe374 https://www.netgear.com/support/product/rbe770 https://www.netgear.com/support/product/rbe771 https://www.netgear.com/support/product/rbe772 https://www.netgear.com/support/product/rbe773 https://www.netgear.com/support/product/rbe970 https://www.netgear.com/support/product/rbe971 https://www.netgear.com/support/product/rbr750 https://www.netgear.com/support/product/rbr840 https://www.netgear.com/support/product/rbr850 https://www.netgear.com/support/product/rbr860 https://www.netgear.com/support/product/rbre950 https://www.netgear.com/support/product/rbre960 https://www.netgear.com/support/product/rbs750 https://www.netgear.com/support/product/rbs840 https://www.netgear.com/support/product/rbs850 https://www.netgear.com/support/product/rbs860 https://www.netgear.com/support/product/rbse950 https://www.netgear.com/support/product/rbse960
Metrics		cvssV4_0 `{'score': 6.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber'}`

MITRE

Status: PUBLISHED

Assigner: NETGEAR

Published: 2026-01-13T16:00:48.296Z

Updated: 2026-02-26T15:04:44.730Z

Reserved: 2025-12-03T04:16:11.511Z

Link: CVE-2026-0405

Vulnrichment

Updated: 2026-01-13T18:50:53.486Z

NVD

Status : Analyzed

Published: 2026-01-13T16:16:10.513

Modified: 2026-02-12T17:40:40.530

Link: CVE-2026-0405

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object