CVE-2026-0405

Summary

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

Affected Software

VendorProductVersion RangeStatus
NETGEARRBE9700 < v9.13.2.1affected
NETGEARRBE9710 < v9.13.2.1affected
NETGEARCBR7500 < V4.6.14.8affected
NETGEARNBR7500 < V4.6.15.14affected
NETGEARRBE7700 < v10.5.20.7affected
NETGEARRBE7710 < v10.5.20.7affected
NETGEARRBE7720 < v10.5.20.7affected
NETGEARRBE7730 < v10.5.20.7affected
NETGEARRBR7500 < v7.2.8.2affected
NETGEARRBS7500 < v7.2.8.2affected
NETGEARRBR8400 < v7.2.8.2affected
NETGEARRBS8400 < v7.2.8.2affected
NETGEARRBR8500 < v7.2.8.2affected
NETGEARRBS8500 < v7.2.8.2affected
NETGEARRBR8600 < v7.2.8.2affected
NETGEARRBS8600 < v7.2.8.2affected
NETGEARRBRE9500 < v7.2.8.2affected
NETGEARRBSE9500 < v7.2.8.2affected
NETGEARRBRE9600 < v7.2.8.2affected
NETGEARRBSE9600 < v7.2.8.2affected
NETGEARRBE3700 < v12.1.3.11affected
NETGEARRBE3710 < v12.1.3.11affected
NETGEARRBE3720 < v12.1.3.11affected
NETGEARRBE3730 < v12.1.3.11affected
NETGEARRBE3740 < v12.1.3.11affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References