HOMEVULNERABILITIESCVE-2023-23110
HIGH

CVE-2023-23110

CWE-494Published: February 2, 2023· Updated: Jun 17, 2026

7.4
CVSS v3.1

Official Description

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.

NVD Source

Technical Analysis

CVE-2023-23110 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.4.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityHigh
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Affected Vendors & Products

netgear18 product(s)
wnr612v2 firmwarewnr612v2dgn1000v3 firmwaredgn1000v3d6100 firmwared6100wnr1000v2 firmwarewnr1000v2xavn2001v2 firmwarexavn2001v2wnr2200 firmwarewnr2200+6
Source: NVD CPE · 18 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (20)

Quick Facts

CVE IDCVE-2023-23110
CVSS Score7.4 / 10
SeverityHIGH
WeaknessCWE-494
CISA KEVNo
Affected1 vendor(s)
PublishedFeb 2, 2023

Related CVEs (CWE-494)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2023-23110 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.