CVE-2023-41183 Published on May 3, 2024
NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20524.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2023-41183
Netgear Rbr760 Firmware
Affected Versions
NETGEAR Orbi 760:
- Version 6.3.6.4 is affected.
- Versions before 6.3.8.5 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.