CVE-2026-0405

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

Published: Jan 13, 2026
Updated: Feb 13, 2026
CVE: CVE-2026-0405
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
netgear / cbr750_firmware	-	4.6.14.8
netgear / nbr750_firmware	-	4.6.15.14
netgear / rbe370_firmware	-	12.1.3.11
netgear / rbe371_firmware	-	12.1.3.11
netgear / rbe372_firmware	-	12.1.3.11
netgear / rbe373_firmware	-	12.1.3.11
netgear / rbe374_firmware	-	12.1.3.11
netgear / rbe770_firmware	-	10.5.20.7
netgear / rbe771_firmware	-	10.5.20.7
netgear / rbe772_firmware	-	10.5.20.7
netgear / rbe773_firmware	-	10.5.20.7
netgear / rbe970_firmware	-	9.13.2.1
netgear / rbe971_firmware	-	9.13.2.1
netgear / rbr750_firmware	-	7.2.8.2
netgear / rbr840_firmware	-	7.2.8.2
netgear / rbr850_firmware	-	7.2.8.2
netgear / rbr860_firmware	-	7.2.8.2
netgear / rbs750_firmware	-	7.2.8.2
netgear / rbs840_firmware	-	7.2.8.2
netgear / rbs850_firmware	-	7.2.8.2
netgear / rbs860_firmware	-	7.2.8.2
netgear / rbre950_firmware	-	7.2.8.2
netgear / rbre960_firmware	-	7.2.8.2
netgear / rbse950_firmware	-	7.2.8.2
netgear / rbse960_firmware	-	7.2.8.2

Vulnerability Database

324,311

CVE-2026-0405

Deep Security Visibility Without the Complexity