Details of VAR-202308-3624

ID

VAR-202308-3624

CVE

CVE-2023-41183

TITLE

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability

Trust: 1.3

sources: ZDI: ZDI-23-1283 // CNVD: CNVD-2025-13412

DESCRIPTION

NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR Orbi 760 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SOAP API. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-20524. of netgear RBR760 Firmware has a lack of authentication vulnerability for critical functionality.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR Orbi 760 is a tri-band Wi-Fi Mesh system router from NETGEAR. No detailed vulnerability details are available

Trust: 2.88

sources: NVD: CVE-2023-41183 // JVNDB: JVNDB-2023-029609 // ZDI: ZDI-23-1283 // CNVD: CNVD-2025-13412 // VULMON: CVE-2023-41183

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-13412

AFFECTED PRODUCTS

vendor:	netgear	model:	rbr760	scope:	lt	version:	6.3.8.5	Trust: 1.0
vendor:	ネットギア	model:	rbr760	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr760	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rbr760	scope:	eq	version:	rbr760 firmware 6.3.8.5	Trust: 0.8
vendor:	netgear	model:	orbi 760	scope:	-	version:	-	Trust: 0.7
vendor:	netgear	model:	orbi	scope:	eq	version:	760	Trust: 0.6

sources: ZDI: ZDI-23-1283 // CNVD: CNVD-2025-13412 // JVNDB: JVNDB-2023-029609 // NVD: CVE-2023-41183

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-41183
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-029609
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-41183
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2025-13412
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-13412
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-41183
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
OTHER:	JVNDB-2023-029609
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2023-41183
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-1283 // CNVD: CNVD-2025-13412 // JVNDB: JVNDB-2023-029609 // NVD: CVE-2023-41183

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	Lack of authentication for critical features (CWE-306) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-029609 // NVD: CVE-2023-41183

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000065734/Security-Advisory-for-Authentication-Bypass-on-the-RBR760-PSV-2023-0052	Trust: 0.7
title:	Patch for NETGEAR Orbi 760 SOAP API Authentication Bypass Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/701511	Trust: 0.6

sources: ZDI: ZDI-23-1283 // CNVD: CNVD-2025-13412

EXTERNAL IDS

db:	NVD	id:	CVE-2023-41183	Trust: 4.0
db:	ZDI	id:	ZDI-23-1283	Trust: 3.2
db:	JVNDB	id:	JVNDB-2023-029609	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-20524	Trust: 0.7
db:	CNVD	id:	CNVD-2025-13412	Trust: 0.6
db:	VULMON	id:	CVE-2023-41183	Trust: 0.1

sources: ZDI: ZDI-23-1283 // CNVD: CNVD-2025-13412 // VULMON: CVE-2023-41183 // JVNDB: JVNDB-2023-029609 // NVD: CVE-2023-41183

REFERENCES

url:	https://kb.netgear.com/000065734/security-advisory-for-authentication-bypass-on-the-rbr760-psv-2023-0052	Trust: 2.5
url:	https://www.zerodayinitiative.com/advisories/zdi-23-1283/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2023-41183	Trust: 0.8

sources: ZDI: ZDI-23-1283 // CNVD: CNVD-2025-13412 // VULMON: CVE-2023-41183 // JVNDB: JVNDB-2023-029609 // NVD: CVE-2023-41183

CREDITS

Xin'an Zhou and Zhiyun Qian

Trust: 0.7

sources: ZDI: ZDI-23-1283

SOURCES

db:	ZDI	id:	ZDI-23-1283
db:	CNVD	id:	CNVD-2025-13412
db:	VULMON	id:	CVE-2023-41183
db:	JVNDB	id:	JVNDB-2023-029609
db:	NVD	id:	CVE-2023-41183

LAST UPDATE DATE

2025-08-15T23:19:59.481000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-1283	date:	2023-08-30T00:00:00
db:	CNVD	id:	CNVD-2025-13412	date:	2025-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2023-029609	date:	2025-08-13T05:55:00
db:	NVD	id:	CVE-2023-41183	date:	2025-08-08T18:39:57.300

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-1283	date:	2023-08-30T00:00:00
db:	CNVD	id:	CNVD-2025-13412	date:	2025-06-23T00:00:00
db:	JVNDB	id:	JVNDB-2023-029609	date:	2025-08-13T00:00:00
db:	NVD	id:	CVE-2023-41183	date:	2024-05-03T03:15:27.910