Netgear Router Flaws Expose Users to Malware, Remote Attacks, and Surveillance

May 12, 2023 | Ravie Lakshmanan | Network Security / Malware

A total of five security flaws have been revealed in the Netgear RAX30 router that can be chained to bypass authentication and achieve remote code execution.

The successful exploit allowed attackers to monitor users' internet activity, hijack internet connections, and divert traffic to malicious websites or inject malware into network traffic, Claroty security researcher Uri Katz said in a report.

In addition, network-adjacent threat actors can weaponize the flaws to access and control networked smart devices such as security cameras, thermostats, and smart locks, tamper with router settings, and even use compromised networks to launch attacks against other devices or networks.


The list of flaws, which were demonstrated at the Pwn2Own hacking competition held in Toronto in December 2022, is as follows:

  • CVE-2023-27357 (CVSS Score: 6.5) – Missing Authentication Information Disclosure Vulnerability
  • CVE-2023-27368 (CVSS Score: 8.8) – Stack-based Buffer Overflow Authentication Bypass Vulnerability
  • CVE-2023-27369 (CVSS Score: 8.8) – Stack-based Buffer Overflow Authentication Bypass Vulnerability
  • CVE-2023-27370 (CVSS Score: 5.7) – Device Configuration Cleartext Storage Information Disclosure Vulnerability
  • CVE-2023-27367 (CVSS Score: 8.0) – Command Injection Remote Code Execution Vulnerability

A proof-of-concept (PoC) exploit chain illustrated by the industrial cybersecurity firm shows that it's possible to chain the flaws (CVE-2023-27357, CVE-2023-27369, CVE-2023-27368, CVE-2023-27370, and CVE-2023-27367, in that order) to extract the serial number of the device and finally gain root access to it.



“These five CVEs can be chained together to compromise the affected RAX30 routers, the most severe of which enable remote pre-authentication code execution on the device,” Katz noted.

Netgear RAX30 router users are advised to update to the firmware version released by the networking company on April 7, 2023, to address the flaws and mitigate potential risks.
