CVE-2023-23110

Exp

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.

Published: 2023-02-02 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2023-23110 is rated Exploit Available (58.8/100): CVSS High severity, with low exploitation likelihood (EPSS 0.57%). Core evidence: 9 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2023-23110

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2023-23110

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 1.30% 0.57% -0.73%
2 2026-02-04 0.38% 1.30% +0.92%
3 2026-02-03 0.38%

Full EPSS history (21 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2023-23110

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.4 3.1 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
2.2 5.2 [email protected]
7.4 3.1 HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
2.2 5.2 134c704f-9b21-4f2e-91b3-4a467353bcc0

Weakness enumeration for CVE-2023-23110

Affected software / configurations for CVE-2023-23110

Vendor Product Version Raw CPE
netgear wnr612v2_firmware <= 1.0.0.3 cpe:2.3:o:netgear:wnr612v2_firmware:*:*:*:*:*:*:*:*
netgear dgn1000v3_firmware <= 1.0.0.22 cpe:2.3:o:netgear:dgn1000v3_firmware:*:*:*:*:*:*:*:*
netgear d6100_firmware <= 1.0.0.63 cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*
netgear wnr1000v2_firmware <= 1.1.2.60 cpe:2.3:o:netgear:wnr1000v2_firmware:*:*:*:*:*:*:*:*
netgear xavn2001v2_firmware <= 0.4.0.7 cpe:2.3:o:netgear:xavn2001v2_firmware:*:*:*:*:*:*:*:*
netgear wnr2200_firmware <= 1.0.1.102 cpe:2.3:o:netgear:wnr2200_firmware:*:*:*:*:*:*:*:*
netgear wnr2500_firmware <= 1.0.0.34 cpe:2.3:o:netgear:wnr2500_firmware:*:*:*:*:*:*:*:*
netgear r8900_firmware <= 1.0.3.6 cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
netgear r9000_firmware <= 1.0.3.6 cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*

References for CVE-2023-23110

URL Tags
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGco Exploit Third Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbco Exploit Third Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9s Exploit Third Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqi Exploit Third Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5o Exploit Third Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1t47Ebqj Exploit Third Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o Exploit Third Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/r1Z4BX-5i Exploit Third Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/ryjVZz-5s Exploit Third Party Advisory
https://www.netgear.com/about/security/ Vendor Advisory
cvelogic Threat Intelligence