Netgear, the industry leader in network hardware, has found two vulnerabilities affecting one of its router models and its network management software. One of them, identified as CVE-2023-41183, enables attackers to access and attack Netgear’s Orbi 760 routers without requiring authentication.
According to the Zero Day Initiative, the issue lies in options of the Simple Object Access Protocol (SOAP) API, which enables communication between various software programs. They said there is no appropriate procedure in place to verify a person’s identity before granting them access to particular SOAP capabilities. On the Common Vulnerability Scoring System (CVSS) scale, the widely used public methodology for evaluating vulnerabilities, the bug gets a score of 8.8. Netgear has already provided a patch for it.