Details of VAR-202601-1483

ID

VAR-202601-1483

CVE

CVE-2026-0405

TITLE

of netgear CBR750 Authentication vulnerabilities in multiple products, including firmware

Trust: 0.8

sources: JVNDB: JVNDB-2026-003890

DESCRIPTION

An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-0405 // JVNDB: JVNDB-2026-003890

AFFECTED PRODUCTS

vendor:	netgear	model:	cbr750	scope:	lt	version:	4.6.14.8	Trust: 1.0
vendor:	netgear	model:	nbr750	scope:	lt	version:	4.6.15.14	Trust: 1.0
vendor:	netgear	model:	rbe970	scope:	lt	version:	9.13.2.1	Trust: 1.0
vendor:	netgear	model:	rbr750	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbe372	scope:	lt	version:	12.1.3.11	Trust: 1.0
vendor:	netgear	model:	rbe771	scope:	lt	version:	10.5.20.7	Trust: 1.0
vendor:	netgear	model:	rbs860	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbe370	scope:	lt	version:	12.1.3.11	Trust: 1.0
vendor:	netgear	model:	rbre960	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbs850	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbr860	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbe773	scope:	lt	version:	10.5.20.7	Trust: 1.0
vendor:	netgear	model:	rbs840	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbe373	scope:	lt	version:	12.1.3.11	Trust: 1.0
vendor:	netgear	model:	rbs750	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbse960	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbr840	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbe770	scope:	lt	version:	10.5.20.7	Trust: 1.0
vendor:	netgear	model:	rbe971	scope:	lt	version:	9.13.2.1	Trust: 1.0
vendor:	netgear	model:	rbse950	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbe374	scope:	lt	version:	12.1.3.11	Trust: 1.0
vendor:	netgear	model:	rbr850	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	netgear	model:	rbe772	scope:	lt	version:	10.5.20.7	Trust: 1.0
vendor:	netgear	model:	rbe371	scope:	lt	version:	12.1.3.11	Trust: 1.0
vendor:	netgear	model:	rbre950	scope:	lt	version:	7.2.8.2	Trust: 1.0
vendor:	ネットギア	model:	rbs840	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe371	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe771	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe773	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe373	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbse950	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbre950	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs860	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr860	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbse960	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr850	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe772	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbs750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe970	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe770	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cbr750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr840	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbre960	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	nbr750	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe372	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe374	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe370	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbe971	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-003890 // NVD: CVE-2026-0405

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2026-0405
value:	HIGH
Trust: 1.0
a2826606-91e7-4eb6-899e-8484bd4575d5:	CVE-2026-0405
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2026-0405
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2026-0405
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2026-0405
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-003890 // NVD: CVE-2026-0405 // NVD: CVE-2026-0405

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-003890 // NVD: CVE-2026-0405

PATCH

title:

January 2026 NETGEAR Security Advisory - NETGEAR Support

url:

https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory

Trust: 0.8

sources: JVNDB: JVNDB-2026-003890

EXTERNAL IDS

db:	NVD	id:	CVE-2026-0405	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-003890	Trust: 0.8

sources: JVNDB: JVNDB-2026-003890 // NVD: CVE-2026-0405

REFERENCES

url:	https://www.netgear.com/support/product/rbe372	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe773	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe772	Trust: 1.8
url:	https://www.netgear.com/support/product/rbse950	Trust: 1.8
url:	https://www.netgear.com/support/product/cbr750	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe373	Trust: 1.8
url:	https://www.netgear.com/support/product/rbr840	Trust: 1.8
url:	https://www.netgear.com/support/product/rbr750	Trust: 1.8
url:	https://www.netgear.com/support/product/nbr750	Trust: 1.8
url:	https://www.netgear.com/support/product/rbs860	Trust: 1.8
url:	https://www.netgear.com/support/product/rbs850	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe374	Trust: 1.8
url:	https://www.netgear.com/support/product/rbre950	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe971	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe770	Trust: 1.8
url:	https://www.netgear.com/support/product/rbs840	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe370	Trust: 1.8
url:	https://www.netgear.com/support/product/rbr860	Trust: 1.8
url:	https://www.netgear.com/support/product/rbre960	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe771	Trust: 1.8
url:	https://www.netgear.com/support/product/rbse960	Trust: 1.8
url:	https://www.netgear.com/support/product/rbs750	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe970	Trust: 1.8
url:	https://www.netgear.com/support/product/rbe371	Trust: 1.8
url:	https://www.netgear.com/support/product/rbr850	Trust: 1.8
url:	https://kb.netgear.com/000070442/january-2026-netgear-security-advisory	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-0405	Trust: 0.8

sources: JVNDB: JVNDB-2026-003890 // NVD: CVE-2026-0405

SOURCES

db:	JVNDB	id:	JVNDB-2026-003890
db:	NVD	id:	CVE-2026-0405

LAST UPDATE DATE

2026-02-19T23:41:11.738000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-003890	date:	2026-02-17T07:26:00
db:	NVD	id:	CVE-2026-0405	date:	2026-02-12T17:40:40.530

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-003890	date:	2026-02-17T00:00:00
db:	NVD	id:	CVE-2026-0405	date:	2026-01-13T16:16:10.513