CVE-2026-0405

Published Jan 13, 2026

Last updated 3 months ago

CVSS medium 6.1

Netgear

Overview

Description: An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 6.1
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber
Severity: MEDIUM

Weaknesses

a2826606-91e7-4eb6-899e-8484bd4575d5: CWE-287

Hype score: Not currently trending

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker (suitably positioned on the network) could intercept the update request and deliver a malicious update package in order to gain arbitrary code execution on affected devices. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.•CVE-2022-40620
FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, exposes an HTTP server over the LAN interface of affected devices. This interface is vulnerable to unauthenticated arbitrary command injection through the funjsq_access_token parameter. This affects R6230 before 1.1.0.112, R6260 before 1.1.0.88, R7000 before 1.0.11.134, R8900 before 1.0.5.42, R9000 before 1.0.5.42, and XR300 before 1.0.3.72 and Orbi RBR20 before 2.7.2.26, RBR50 before 2.7.4.26, RBS20 before 2.7.2.26, and RBS50 before 2.7.4.26.•CVE-2022-40619
A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated webproc file, which records the username and password submitted to the router GUI.•CVE-2026-0408
An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.•CVE-2026-0403
An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.•CVE-2026-0406

References

Sources include official advisories and independent security research.

https://nvd.nist.gov/vuln/detail/CVE-2026-0405
https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
https://www.netgear.com/support/product/cbr750
https://www.netgear.com/support/product/nbr750
https://www.netgear.com/support/product/rbe370
https://www.netgear.com/support/product/rbe371
https://www.netgear.com/support/product/rbe372
https://www.netgear.com/support/product/rbe373
https://www.netgear.com/support/product/rbe374
https://www.netgear.com/support/product/rbe770
https://www.netgear.com/support/product/rbe771
https://www.netgear.com/support/product/rbe772
https://www.netgear.com/support/product/rbe773
https://www.netgear.com/support/product/rbe970
https://www.netgear.com/support/product/rbe971
https://www.netgear.com/support/product/rbr750
https://www.netgear.com/support/product/rbr840
https://www.netgear.com/support/product/rbr850
https://www.netgear.com/support/product/rbr860
https://www.netgear.com/support/product/rbre950
https://www.netgear.com/support/product/rbre960
https://www.netgear.com/support/product/rbs750
https://www.netgear.com/support/product/rbs840
https://www.netgear.com/support/product/rbs850
https://www.netgear.com/support/product/rbs860
https://www.netgear.com/support/product/rbse950
https://www.netgear.com/support/product/rbse960

Overview

Risk scores

CVSS 4.0

Weaknesses

Social media

Related CVEs

References