7.4

CVE-2023-23110

Exploit

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetgearWnr612v2 Firmware Version <= 1.0.0.3
   NetgearWnr612v2 Version-
NetgearDgn1000v3 Firmware Version <= 1.0.0.22
   NetgearDgn1000v3 Version-
NetgearD6100 Firmware Version <= 1.0.0.63
   NetgearD6100 Version-
NetgearWnr1000v2 Firmware Version <= 1.1.2.60
   NetgearWnr1000v2 Version-
NetgearXavn2001v2 Firmware Version <= 0.4.0.7
   NetgearXavn2001v2 Version-
NetgearWnr2200 Firmware Version <= 1.0.1.102
   NetgearWnr2200 Version-
NetgearWnr2500 Firmware Version <= 1.0.0.34
   NetgearWnr2500 Version-
NetgearR8900 Firmware Version <= 1.0.3.6
   NetgearR8900 Version-
NetgearR9000 Firmware Version <= 1.0.3.6
   NetgearR9000 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.292
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.