An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
Weakness
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/114.html
- https://cwe.mitre.org/data/definitions/115.html
- https://cwe.mitre.org/data/definitions/151.html
- https://cwe.mitre.org/data/definitions/194.html
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/57.html
- https://cwe.mitre.org/data/definitions/593.html
- https://cwe.mitre.org/data/definitions/633.html
- https://cwe.mitre.org/data/definitions/650.html
- https://cwe.mitre.org/data/definitions/94.html
References
- https://kb.netgear.com/000070442/January-2026-NETGEAR-Security-Advisory
- https://www.netgear.com/support/product/cbr750
- https://www.netgear.com/support/product/nbr750
- https://www.netgear.com/support/product/rbe370
- https://www.netgear.com/support/product/rbe371
- https://www.netgear.com/support/product/rbe372
- https://www.netgear.com/support/product/rbe373
- https://www.netgear.com/support/product/rbe374
- https://www.netgear.com/support/product/rbe770
- https://www.netgear.com/support/product/rbe771
- https://www.netgear.com/support/product/rbe772
- https://www.netgear.com/support/product/rbe773
- https://www.netgear.com/support/product/rbe970
- https://www.netgear.com/support/product/rbe971
- https://www.netgear.com/support/product/rbr750
- https://www.netgear.com/support/product/rbr840
- https://www.netgear.com/support/product/rbr850
- https://www.netgear.com/support/product/rbr860
- https://www.netgear.com/support/product/rbre950
- https://www.netgear.com/support/product/rbre960
- https://www.netgear.com/support/product/rbs750
- https://www.netgear.com/support/product/rbs840
- https://www.netgear.com/support/product/rbs850
- https://www.netgear.com/support/product/rbs860
- https://www.netgear.com/support/product/rbse950
- https://www.netgear.com/support/product/rbse960