Cyber Posture

CVE-2026-0405

High

Published: 13 January 2026

Published
13 January 2026
Modified
12 February 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 9.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-0405 is a high-severity Improper Authentication (CWE-287) vulnerability in Netgear Cbr750 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-8 (Identification and Authentication (Non-organizational Users)).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations and authentication for access to the router web admin interface, directly countering the authentication bypass vulnerability.

SI-2 Flaw Remediation good match
prevent

Remediates the specific authentication bypass flaw in NETGEAR Orbi firmware through identification, reporting, and application of vendor-provided updates.

IA-8 Identification and Authentication (Non-organizational Users) good match
prevent

Requires identification and authentication of non-organizational users on the local network accessing the router web interface, preventing unauthorized admin access.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Authentication bypass on LAN-accessible router web interface directly enables local privilege escalation to admin (T1068) and exploitation of the management application (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.

Deeper analysisAI

CVE-2026-0405 is an authentication bypass vulnerability (CWE-287) in NETGEAR Orbi devices, enabling users connected to the local network to access the router web interface as an administrator. Published on January 13, 2026, it affects models including CBR750, NBR750, RBE370, and RBE371, as indicated by the vendor's product support pages. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high potential impact from local exploitation.

A local attacker with network access and low privileges, such as another user on the same LAN, can exploit this vulnerability with low complexity and no user interaction. Exploitation bypasses authentication to gain full administrative control over the router web interface, resulting in high confidentiality, integrity, and availability impacts, such as unauthorized configuration changes, data extraction, or service disruption.

NETGEAR's January 2026 Security Advisory provides details on the vulnerability at https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory. Practitioners should review this advisory along with support pages for the affected products (https://www.netgear.com/support/product/cbr750, https://www.netgear.com/support/product/nbr750, https://www.netgear.com/support/product/rbe370, https://www.netgear.com/support/product/rbe371) for firmware updates and mitigation guidance.

Details

CWE(s)
CWE-287NVD-CWE-noinfo

Affected Products

netgear
cbr750 firmware
≤ 4.6.14.8
netgear
nbr750 firmware
≤ 4.6.15.14
netgear
rbe370 firmware
≤ 12.1.3.11
netgear
rbe371 firmware
≤ 12.1.3.11
netgear
rbe372 firmware
≤ 12.1.3.11
netgear
rbe373 firmware
≤ 12.1.3.11
netgear
rbe374 firmware
≤ 12.1.3.11
netgear
rbe770 firmware
≤ 10.5.20.7
netgear
rbe771 firmware
≤ 10.5.20.7
netgear
rbe772 firmware
≤ 10.5.20.7
+15 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2024-57046Same vendor: Netgear
CVE-2026-0407Same vendor: Netgear
CVE-2026-0408Same vendor: Netgear
CVE-2026-0404Same product: Netgear Rbr750
CVE-2026-0403Same product: Netgear Rbe970
CVE-2024-57490Shared CWE-287
CVE-2025-67158Shared CWE-287
CVE-2026-33665Shared CWE-287
CVE-2024-54809Same vendor: Netgear
CVE-2025-56333Shared CWE-287

References