CVE-2023-41183

EPSS 0.05%
Published 03.05.2024 03:15:27
Last modified 08.08.2025 18:39:57
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20524.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Netgear ≫ Rbr760 Firmware Version < 6.3.8.5

Netgear ≫ Rbr760 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.131

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
zdi-disclosures@trendmicro.com	8.8	2.8	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://kb.netgear.com/000065734/Security-Advisory-for-Authentication-Bypass-on-the-RBR760-PSV-2023-0052

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-1283/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-41183

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41183

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41183

EUVD