Authentication Bypass Vulnerability in NETGEAR Orbi Devices
CVE-2026-0405

6.1MEDIUM

Key Information:

Vendor: Netgear
Status: Rbe970; Rbe971; Cbr750; Nbr750
Vendor: CVE Published:; 13 January 2026

What is CVE-2026-0405?

An authentication bypass vulnerability in NETGEAR Orbi devices enables unauthorized users connected to the local network to gain access to the router's web interface with administrative privileges. This flaw poses a significant security risk, allowing potentially malicious actors to alter device settings and compromise the network. It is crucial for users of affected NETGEAR Orbi devices to apply the latest security updates to mitigate this risk effectively.

Affected Version(s)

CBR750 0

NBR750 0

RBE370 0

References

https://www.netgear.com/support/product/rbe971

patchproduct

https://www.netgear.com/support/product/rbe970

patchproduct

https://www.netgear.com/support/product/cbr750

patchproduct

CVSS V4

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Dec 3, 2025

Credit

Fulaige

CVE-2026-0405 Data

JSON

Netgear

What is CVE-2026-0405?

Affected Version(s)

References

CVSS V4

Timeline

Credit