CVE-2026-0405: Authentication Bypass in NETGEAR Orbi Devices
Platform
netgear
Component
netgear-orbi-devices
Fixed in
9.13.2.1
4.6.14.8
4.6.15.14
10.5.20.7
7.2.8.2
CVE-2026-0405 describes an authentication bypass vulnerability affecting NETGEAR Orbi devices. This flaw allows users connected to the local network to gain administrative access to the router's web interface without proper authentication. The vulnerability impacts Orbi devices running versions up to and including v12.1.3.11. A firmware update to v12.1.3.11 has been released to address the issue.
Impact and Attack Scenarios
Successful exploitation of CVE-2026-0405 grants an attacker complete administrative control over the affected NETGEAR Orbi device. This includes the ability to modify network settings, access sensitive data stored on the router, and potentially compromise connected devices on the local network. An attacker could, for example, redirect traffic through a malicious server, install malware on connected devices, or steal user credentials. The blast radius extends to all devices connected to the compromised Orbi network.
Exploitation Context
CVE-2026-0405 was publicly disclosed on 2026-01-13. No public proof-of-concept exploits are currently known. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
Threat Intelligence
Exploit Status
EPSS
0.03% (9% percentile)
CISA SSVC
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2026-0405 is to immediately upgrade affected NETGEAR Orbi devices to firmware version v12.1.3.11 or later. If upgrading is not immediately feasible due to compatibility concerns or network downtime requirements, consider segmenting the network to isolate the Orbi device from critical assets. While a direct workaround isn't available, regularly reviewing connected devices and monitoring network traffic for unusual activity can help detect potential compromise. After upgrading, confirm the fix by attempting to access the router’s web interface from a local network device without administrative credentials; access should be denied.
How to fix
Update the firmware on your NETGEAR Orbi device to the latest available version. This will resolve the authentication bypass vulnerability and protect your local network from unauthorized access.
CVE Security Newsletter
Vulnerability analysis and critical alerts directly to your inbox.
Frequently asked questions
What is CVE-2026-0405 — Authentication Bypass in NETGEAR Orbi Devices?
CVE-2026-0405 is a vulnerability allowing local network users to access the admin interface of NETGEAR Orbi devices without authentication. Severity is pending evaluation.
Am I affected by CVE-2026-0405 in NETGEAR Orbi Devices?
You are affected if you are using a NETGEAR Orbi device running version 12.1.3.11 or earlier.
How do I fix CVE-2026-0405 in NETGEAR Orbi Devices?
Upgrade your NETGEAR Orbi device to firmware version 12.1.3.11 or later.
Is CVE-2026-0405 being actively exploited?
There are currently no reports of active exploitation, but it's crucial to apply the patch promptly.
Where can I find the official NETGEAR advisory for CVE-2026-0405?
Please refer to the official NETGEAR security advisory for detailed information and updates: [https://kb.netgear.com/000063854/Security-Advisory-for-Authentication-Bypass-on-Orbi-Devices](https://kb.netgear.com/000063854/Security-Advisory-for-Authentication-Bypass-on-Orbi-Devices)
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.