CVE-2026-0405 — HIGH (7.8) — White Hats Nepal

Q: What is CVE-2026-0405?

CVE-2026-0405 is a vulnerability with a CVSS score of 7.8 (HIGH). An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

Q: How severe is CVE-2026-0405?

CVE-2026-0405 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-0405?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Cbr750 Firmware, Netgear Cbr750, Netgear Nbr750 Firmware, Netgear Nbr750, Netgear Rbe370 Firmware.

Vulnerability Description

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Cbr750 Firmware	< 4.6.14.8
Netgear	Cbr750	-
Netgear	Nbr750 Firmware	< 4.6.15.14
Netgear	Nbr750	-
Netgear	Rbe370 Firmware	< 12.1.3.11
Netgear	Rbe370	-
Netgear	Rbe371 Firmware	< 12.1.3.11
Netgear	Rbe371	-
Netgear	Rbe372 Firmware	< 12.1.3.11
Netgear	Rbe372	-
Netgear	Rbe373 Firmware	< 12.1.3.11
Netgear	Rbe373	-
Netgear	Rbe374 Firmware	< 12.1.3.11
Netgear	Rbe374	-
Netgear	Rbe770 Firmware	< 10.5.20.7
Netgear	Rbe770	-
Netgear	Rbe771 Firmware	< 10.5.20.7
Netgear	Rbe771	-
Netgear	Rbe772 Firmware	< 10.5.20.7
Netgear	Rbe772	-

Related Weaknesses (CWE)

CWE-287

References

https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-AdvisoryPatchVendor Advisory
https://www.netgear.com/support/product/cbr750PatchProduct
https://www.netgear.com/support/product/nbr750PatchProduct
https://www.netgear.com/support/product/rbe370PatchProduct
https://www.netgear.com/support/product/rbe371PatchProduct
https://www.netgear.com/support/product/rbe372PatchProduct
https://www.netgear.com/support/product/rbe373PatchProduct
https://www.netgear.com/support/product/rbe374PatchProduct
https://www.netgear.com/support/product/rbe770PatchProduct
https://www.netgear.com/support/product/rbe771PatchProduct
https://www.netgear.com/support/product/rbe772PatchProduct
https://www.netgear.com/support/product/rbe773PatchProduct
https://www.netgear.com/support/product/rbe970PatchProduct
https://www.netgear.com/support/product/rbe971PatchProduct
https://www.netgear.com/support/product/rbr750PatchProduct

FAQ

What is CVE-2026-0405?

CVE-2026-0405 is a vulnerability with a CVSS score of 7.8 (HIGH). An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

How severe is CVE-2026-0405?

CVE-2026-0405 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-0405?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Cbr750 Firmware, Netgear Cbr750, Netgear Nbr750 Firmware, Netgear Nbr750, Netgear Rbe370 Firmware.