Netgear Routers’ Flaws Expose Users to Malware, Remote Attacks, and Surveillance

May 12, 2023 | Ravi Lakshmanan | Network Security / Malware


No fewer than five security flaws have been identified in the Netgear RAX30 router that could be chained together to bypass authentication and execute code remotely.

Claroty security researcher Uri Katz said in a report, “A successful exploit could allow an attacker to monitor users’ internet activity, hijack their internet connection, or redirect traffic to malicious websites, and may inject malware into network traffic.”

In addition, a network-adjacent attacker could weaponize these flaws to gain access to and control of network-connected smart devices such as security cameras, thermostats, and smart locks. Such an attacker could also tamper with router settings and use the compromised network to launch attacks against other devices and networks.


Here is the list of flaws demonstrated at the Pwn2Own hacking contest in Toronto in December 2022:

  • CVE-2023-27357 (CVSS score: 6.5) – Missing authentication information disclosure vulnerability
  • CVE-2023-27368 (CVSS score: 8.8) – Stack-based buffer overflow authentication bypass vulnerability
  • CVE-2023-27369 (CVSS score: 8.8) – Stack-based buffer overflow authentication bypass vulnerability
  • CVE-2023-27370 (CVSS score: 5.7) – Plaintext storage information disclosure vulnerability in device configuration
  • CVE-2023-27367 (CVSS score: 8.0) – Remote code execution vulnerability via command injection

A proof-of-concept (PoC) exploit chain demonstrated by the industrial cybersecurity company shows that the flaws CVE-2023-27357, CVE-2023-27369, CVE-2023-27368, CVE-2023-27370, and CVE-2023-27367 can be chained, in that order, to extract the serial number of the device and finally gain root access to it.

“These five CVEs can cascade to compromise affected RAX30 routers, the most severe of which allows pre-authentication remote code execution on the device,” Katz said.

Users of Netgear RAX30 routers are advised to update to firmware version 1.0.10.94, released by the networking company on April 7, 2023, to address the flaws and reduce potential risks.
