No less than five security flaws have been identified in the Netgear RAX30 router that could chain together to bypass authentication and execute code remotely.
“A successful exploit could allow an attacker to monitor users’ Internet activity, hijack Internet connections, redirect traffic to malicious websites, or inject malware into network traffic. said Uri Katz, a security researcher at Claroty. Said in the report.
Additionally, a network-adjacent attacker could use this flaw to gain access and control of network-connected smart devices such as security cameras, thermostats, and smart locks. It can also tamper with router settings and use compromised networks to launch attacks against other devices and networks.
Defect list Proven Here are the results from the Pwn2Own hacking contest in Toronto in December 2022 –
- CVE-2023-27357 (CVSS Score: 6.5) – Missing Credentials Vulnerability Exposed
- CVE-2023-27368 (CVSS score: 8.8) – Stack-based buffer overflow authentication bypass vulnerability
- CVE-2023-27369 (CVSS score: 8.8) – Stack-based buffer overflow authentication bypass vulnerability
- CVE-2023-27370 (CVSS score: 5.7) – Plaintext storage information disclosure vulnerability in device configuration
- CVE-2023-27367 (CVSS Score: 8.0) – Remote Code Execution Vulnerability via Command Injection
A proof-of-concept (PoC) exploit chain demonstrated by an industrial cybersecurity company is capable of chaining CVE-2023-27357, CVE-2023-27369, CVE-2023-27368, CVE-2023-27370 flaws indicates that , CVE-2023-27367 (in that order) — extract the serial number of the device and finally gain root access to it.
“These five CVEs can cascade to compromise affected RAX30 routers, the most severe of which allows pre-authentication remote code execution on the device,” Katz said. .
Users of Netgear RAX30 routers are advised to update to firmware version 220.127.116.11 released by the network company on April 7, 2023 to address the defect and reduce potential risks.