CVE-2023-23110 — HIGH (7.4)

Q: How severe is CVE-2023-23110?

CVE-2023-23110 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-23110?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wnr612V2 Firmware, Netgear Wnr612V2, Netgear Dgn1000V3 Firmware, Netgear Dgn1000V3, Netgear D6100 Firmware.

Vulnerability Description

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netgear	Wnr612V2 Firmware	<= 1.0.0.3
Netgear	Wnr612V2	-
Netgear	Dgn1000V3 Firmware	<= 1.0.0.22
Netgear	Dgn1000V3	-
Netgear	D6100 Firmware	<= 1.0.0.63
Netgear	D6100	-
Netgear	Wnr1000V2 Firmware	<= 1.1.2.60
Netgear	Wnr1000V2	-
Netgear	Xavn2001V2 Firmware	<= 0.4.0.7
Netgear	Xavn2001V2	-
Netgear	Wnr2200 Firmware	<= 1.0.1.102
Netgear	Wnr2200	-
Netgear	Wnr2500 Firmware	<= 1.0.0.34
Netgear	Wnr2500	-
Netgear	R8900 Firmware	<= 1.0.3.6
Netgear	R8900	-
Netgear	R9000 Firmware	<= 1.0.3.6
Netgear	R9000	-

Related Weaknesses (CWE)

CWE-494

References

https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGcoExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbcoExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9sExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqiExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5oExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1t47EbqjExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9oExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/r1Z4BX-5iExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/ryjVZz-5sExploitThird Party Advisory
https://www.netgear.com/about/security/Vendor Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGcoExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbcoExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9sExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqiExploitThird Party Advisory
https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5oExploitThird Party Advisory

FAQ

What is CVE-2023-23110?

CVE-2023-23110 is a vulnerability with a CVSS score of 7.4 (HIGH). An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an ...

How severe is CVE-2023-23110?

CVE-2023-23110 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-23110?

Check the references section above for vendor advisories and patch information. Affected products include: Netgear Wnr612V2 Firmware, Netgear Wnr612V2, Netgear Dgn1000V3 Firmware, Netgear Dgn1000V3, Netgear D6100 Firmware.