| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.6 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Netgear Orbi 760. The impacted element is an unknown function of the component SOAP API. Executing a manipulation can lead to improper authentication. This vulnerability is tracked as CVE-2023-41183. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.
Details
A vulnerability has been found in Netgear Orbi 760 (unknown version) and classified as critical. This vulnerability affects an unknown code block of the component SOAP API. The manipulation with an unknown input leads to a improper authentication vulnerability. The CWE definition for the vulnerability is CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20524.
The weakness was disclosed 08/31/2023 as ZDI-23-1283. The advisory is shared for download at zerodayinitiative.com. This vulnerability was named CVE-2023-41183 since 08/24/2023. There are neither technical details nor an exploit publicly available.
Upgrading eliminates this vulnerability. The upgrade is hosted for download at kb.netgear.com.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
License
Website
- Vendor: https://www.netgear.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.8VulDB Meta Temp Score: 8.6
VulDB Base Score: 8.8
VulDB Temp Score: 8.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 8.8
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Improper authenticationCWE: CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: kb.netgear.com
Timeline
08/24/2023 🔍08/31/2023 🔍
08/31/2023 🔍
08/08/2025 🔍
Sources
Vendor: netgear.comAdvisory: ZDI-23-1283
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2023-41183 (🔍)
GCVE (CVE): GCVE-0-2023-41183
GCVE (VulDB): GCVE-100-238432
Entry
Created: 08/31/2023 07:53Updated: 08/08/2025 23:50
Changes: 08/31/2023 07:53 (40), 08/08/2025 23:50 (27)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.