CVE-2026-0405
Authentication Bypass in NETGEAR Orbi Devices
An authentication bypass vulnerability in NETGEAR Orbi devices allows
users connected to the local network to access the router web interface
as an admin.
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber
Affected products
NETGEAR · CBR750NETGEAR · NBR750NETGEAR · RBE370NETGEAR · RBE371NETGEAR · RBE372NETGEAR · RBE373NETGEAR · RBE374NETGEAR · RBE770NETGEAR · RBE771NETGEAR · RBE772NETGEAR · RBE773NETGEAR · RBE970NETGEAR · RBE971NETGEAR · RBR750NETGEAR · RBR840NETGEAR · RBR850NETGEAR · RBR860NETGEAR · RBRE950NETGEAR · RBRE960NETGEAR · RBS750NETGEAR · RBS840NETGEAR · RBS850NETGEAR · RBS860NETGEAR · RBSE950NETGEAR · RBSE960Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisoryhttps://www.netgear.com/support/product/cbr750https://www.netgear.com/support/product/nbr750https://www.netgear.com/support/product/rbe370https://www.netgear.com/support/product/rbe371https://www.netgear.com/support/product/rbe372https://www.netgear.com/support/product/rbe373https://www.netgear.com/support/product/rbe374https://www.netgear.com/support/product/rbe770https://www.netgear.com/support/product/rbe771https://www.netgear.com/support/product/rbe772https://www.netgear.com/support/product/rbe773