CVE-2023-23110

CWE-494 | 3 documents | 3 sources
Severity: 7.4 HIGH
EPSS: 1.3% (top 20.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 2

Description

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Exploitability: 2.2 | Impact: 5.2

Affected Packages: 9 packages

Vulnerability Details (2)

CVEList: CVE-2023-23110: An exploitable firmware modification vulnerability was discovered in certain Netgear products (2023-02-02)
GHSA: GHSA-6fpf-rgcx-jmrx: An exploitable firmware modification vulnerability was discovered in WNR612v2 Wireless Routers firmware version 1 (2023-02-02)