May 12, 2023Ravi Lakshmanannetwork security/malware

No less than five security flaws have been identified in the Netgear RAX30 router that could chain together to bypass authentication and execute code remotely.

“A successful exploit could allow an attacker to monitor users’ Internet activity, hijack Internet connections, redirect traffic to malicious websites, or inject malware into network traffic. said Uri Katz, a security researcher at Claroty. Said in the report.

Additionally, a network-adjacent attacker could use this flaw to gain access and control of network-connected smart devices such as security cameras, thermostats, and smart locks. It can also tamper with router settings and use compromised networks to launch attacks against other devices and networks.

cyber security

Defect list Proven Here are the results from the Pwn2Own hacking contest in Toronto in December 2022 –

  • CVE-2023-27357 (CVSS Score: 6.5) – Missing Credentials Vulnerability Exposed
  • CVE-2023-27368 (CVSS score: 8.8) – Stack-based buffer overflow authentication bypass vulnerability
  • CVE-2023-27369 (CVSS score: 8.8) – Stack-based buffer overflow authentication bypass vulnerability
  • CVE-2023-27370 (CVSS score: 5.7) – Plaintext storage information disclosure vulnerability in device configuration
  • CVE-2023-27367 (CVSS Score: 8.0) – Remote Code Execution Vulnerability via Command Injection

A proof-of-concept (PoC) exploit chain demonstrated by an industrial cybersecurity company is capable of chaining CVE-2023-27357, CVE-2023-27369, CVE-2023-27368, CVE-2023-27370 flaws indicates that , CVE-2023-27367 (in that order) — extract the serial number of the device and finally gain root access to it.

upcoming webinars

Learn how to stop ransomware with real-time protection

Join our webinar to learn how to stop ransomware attacks using real-time MFA and service account protection.

Reserve your seat!

“These five CVEs can cascade to compromise affected RAX30 routers, the most severe of which allows pre-authentication remote code execution on the device,” Katz said. .

Users of Netgear RAX30 routers are advised to update to firmware version released by the network company on April 7, 2023 to address the defect and reduce potential risks.

Did you enjoy this article? Follow us twitter and LinkedIn To read more of the exclusive content we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog