Vulnerability Description
An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access the admin panel.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Ex5000 Firmware | < 1.0.1.82 |
| Netgear | Ex5000 | - |
| Netgear | Ex3110 Firmware | < 1.0.1.82 |
| Netgear | Ex3110 | - |
| Netgear | Ex6110 Firmware | < 1.0.1.82 |
| Netgear | Ex6110 | - |
| Netgear | Ex2800 Firmware | < 1.0.1.82 |
| Netgear | Ex2800 | - |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-AdvisoryVendor Advisory
- https://www.netgear.com/support/product/ex2800Product
- https://www.netgear.com/support/product/ex3110PatchProduct
- https://www.netgear.com/support/product/ex5000PatchProduct
- https://www.netgear.com/support/product/ex6110PatchProduct
FAQ
What is CVE-2026-0407?
CVE-2026-0407 is a vulnerability with a CVSS score of 8.0 (HIGH). An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authenti...
How severe is CVE-2026-0407?
CVE-2026-0407 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-0407?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Ex5000 Firmware, Netgear Ex5000, Netgear Ex3110 Firmware, Netgear Ex3110, Netgear Ex6110 Firmware.