Lucene search

[email protected]CVE-2023-23110

HistoryFeb 02, 2023 - 3:17 p.m.

CVE-2023-23110

2023-02-0215:17:43

CWE-494

[email protected]

web.nvd.nist.gov

cve-2023-23110

netgear

firmware modification

vulnerability

mitm attack

data integrity

checksum

nvd

security

exploit

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.

Affected configurations

NVD

Node

netgearwnr612v2_firmwareRange≤1.0.0.3

AND

netgearwnr612v2Match-

Node

netgeardgn1000v3Match-

AND

netgeardgn1000v3_firmwareRange≤1.0.0.22

Node

netgeard6100Match-

AND

netgeard6100_firmwareRange≤1.0.0.63

Node

netgearwnr1000v2Match-

AND

netgearwnr1000v2_firmwareRange≤1.1.2.60

Node

netgearxavn2001v2Match-

AND

netgearxavn2001v2_firmwareRange≤0.4.0.7

Node

netgearwnr2200Match-

AND

netgearwnr2200_firmwareRange≤1.0.1.102

Node

netgearwnr2500Match-

AND

netgearwnr2500_firmwareRange≤1.0.0.34

Node

netgearr8900Match-

AND

netgearr8900_firmwareRange≤1.0.3.6

Node

netgearr9000Match-

AND

netgearr9000_firmwareRange≤1.0.3.6

CPENameOperatorVersion
netgear:wnr612v2_firmwarenetgear wnr612v2 firmwarele1.0.0.3

CPE	Name	Operator	Version
netgear:wnr612v2_firmware	netgear wnr612v2 firmware	le	1.0.0.3

References

hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGco

hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbco

hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9s

hackmd.io/%40slASVrz_SrW7NQCsunofeA/r1Z4BX-5i

hackmd.io/%40slASVrz_SrW7NQCsunofeA/ryjVZz-5s

hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqi

hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5o

hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1t47Ebqj

hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o

www.netgear.com/about/security/

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2023-23110

prion1 nvd1 cvelist1