How severe is CVE-2020-10923?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-10923?

This is classified as CWE-305, which is a common weakness in software security.

CVE-2020-10923

MEDIUM Year: 2020

CVSS v3 Score

6.5

Medium

CVSS v2 Score

8.3

High

Weakness Type

CWE-305

View all →

Vulnerability Description

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.

CVE-2022-0451

MEDIUM

CVSS:6.5(Medium)

Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By...

CWE-3052022

CVE-2022-40723

MEDIUM

CVSS:6.5(Medium)

The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.

CWE-3052022

CVE-2024-38433

MEDIUM

CVSS:6.7(Medium)

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-...

CWE-3052024

CVE-2025-31192

MEDIUM

CVSS:6.7(Medium)

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.

CWE-3052025

CVE-2025-27370

MEDIUM

CVSS:6.9(Medium)

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a ...

CWE-3052025

CVE-2025-27371

MEDIUM

CVSS:6.9(Medium)

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to au...

CWE-3052025

CVE-2020-10923

Vulnerability Description

Related Vulnerabilities

CVE-2022-0451

CVE-2022-40723

CVE-2024-38433

CVE-2025-31192

CVE-2025-27370

CVE-2025-27371