CVE-2026-0405

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

CVSS

No CVSS.

References

Link	Resource
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
https://www.netgear.com/support/product/cbr750
https://www.netgear.com/support/product/nbr750
https://www.netgear.com/support/product/rbe370
https://www.netgear.com/support/product/rbe371
https://www.netgear.com/support/product/rbe372
https://www.netgear.com/support/product/rbe373
https://www.netgear.com/support/product/rbe374
https://www.netgear.com/support/product/rbe770
https://www.netgear.com/support/product/rbe771
https://www.netgear.com/support/product/rbe772
https://www.netgear.com/support/product/rbe773
https://www.netgear.com/support/product/rbe970
https://www.netgear.com/support/product/rbe971
https://www.netgear.com/support/product/rbr750
https://www.netgear.com/support/product/rbr840
https://www.netgear.com/support/product/rbr850
https://www.netgear.com/support/product/rbr860
https://www.netgear.com/support/product/rbre950
https://www.netgear.com/support/product/rbre960
https://www.netgear.com/support/product/rbs750
https://www.netgear.com/support/product/rbs840
https://www.netgear.com/support/product/rbs850
https://www.netgear.com/support/product/rbs860
https://www.netgear.com/support/product/rbse950
https://www.netgear.com/support/product/rbse960

Configurations

No configuration.

History

13 Jan 2026, 17:15

Type	Values Removed	Values Added
References		() https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory -

13 Jan 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-13 16:16

Updated : 2026-01-14 16:26

NVD link : CVE-2026-0405

Mitre link : CVE-2026-0405

CVE.ORG link : CVE-2026-0405

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

{"id": "CVE-2026-0405", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.1, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber", "exploitMaturity": "UNREPORTED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-13T16:16:10.513", "references": [{"url": "https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/cbr750", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/nbr750", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe370", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe371", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe372", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe373", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe374", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe770", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe771", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe772", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe773", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe970", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbe971", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbr750", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbr840", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbr850", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbr860", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbre950", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbre960", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbs750", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbs840", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbs850", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbs860", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbse950", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}, {"url": "https://www.netgear.com/support/product/rbse960", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "a2826606-91e7-4eb6-899e-8484bd4575d5", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An authentication bypass vulnerability in NETGEAR Orbi devices allows \nusers connected to the local network to access the router web interface \nas an admin."}], "lastModified": "2026-01-14T16:26:00.933", "sourceIdentifier": "a2826606-91e7-4eb6-899e-8484bd4575d5"}