Description
An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
Problem types
CWE-287 Improper Authentication
Product status
Any version before v9.13.2.1
Any version before v9.13.2.1
Any version before V4.6.14.8
Any version before V4.6.15.14
Any version before v10.5.20.7
Any version before v10.5.20.7
Any version before v10.5.20.7
Any version before v10.5.20.7
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v7.2.8.2
Any version before v12.1.3.11
Any version before v12.1.3.11
Any version before v12.1.3.11
Any version before v12.1.3.11
Any version before v12.1.3.11
Credits
Fulaige
References
www.netgear.com/support/product/rbe971
www.netgear.com/support/product/rbe970
www.netgear.com/support/product/cbr750
www.netgear.com/support/product/nbr750
www.netgear.com/support/product/rbe770
www.netgear.com/support/product/rbe771
www.netgear.com/support/product/rbe772
www.netgear.com/support/product/rbe773
www.netgear.com/support/product/rbr750
www.netgear.com/support/product/rbs750
www.netgear.com/support/product/rbr840
www.netgear.com/support/product/rbs840
www.netgear.com/support/product/rbr850
www.netgear.com/support/product/rbs850
www.netgear.com/support/product/rbr860
www.netgear.com/support/product/rbs860
www.netgear.com/support/product/rbre950
www.netgear.com/support/product/rbse950
www.netgear.com/support/product/rbre960
www.netgear.com/support/product/rbse960
www.netgear.com/support/product/rbe370
www.netgear.com/support/product/rbe371
www.netgear.com/support/product/rbe372
www.netgear.com/support/product/rbe373
www.netgear.com/support/product/rbe374
kb.netgear.com/...442/January-2026-NETGEAR-Security-Advisory