Vulnerability Details : CVE-2023-23110
An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.
Products affected by CVE-2023-23110
- cpe:2.3:o:netgear:d6100_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnr2200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnr2500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r9000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:r8900_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnr612v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:dgn1000v3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:wnr1000v2_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:netgear:xavn2001v2_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-23110
- 0.87%: Probability of exploitation activity in the next 30 days
- ~ 83%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-23110
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.2 | 5.2 | NIST | |
CWE ids for CVE-2023-23110
- The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-23110
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o
  A Firmware Modification Vulnerability During Firmware Update in Netgear WNR612 Wireless Routers - HackMD (Exploit; Third Party Advisory)
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbco
  A Firmware Modification Vulnerability During Firmware Update in Netgear DGN1000 Modem Router - HackMD (Exploit; Third Party Advisory)
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1t47Ebqj
  A Firmware Modification Vulnerability During Firmware Update in Netgear XAVN2001 Wireless-N Extender - HackMD (Exploit; Third Party Advisory)
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/ryjVZz-5s
  A Firmware Modification Vulnerability During Firmware Update in Netgear WNR1000 Wireless Routers - HackMD (Exploit; Third Party Advisory)
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9s
  A Firmware Modification Vulnerability During Firmware Update in Netgear WNR2500 Wireless Routers - HackMD (Exploit; Third Party Advisory)
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5o
  A Firmware Modification Vulnerability During Firmware Update in Netgear R9000 Smart WiFi Routers - HackMD (Exploit; Third Party Advisory)
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/r1Z4BX-5i
  A Firmware Modification Vulnerability During Firmware Update in Netgear D6100 WiFi DSL Modem Router - HackMD (Exploit; Third Party Advisory)
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGco
  A Firmware Modification Vulnerability During Firmware Update in Netgear R8900 Smart WiFi Routers - HackMD (Exploit; Third Party Advisory)
- https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqi
  A Firmware Modification Vulnerability During Firmware Update in Netgear WNR2200 Wireless Routers - HackMD (Exploit; Third Party Advisory)
- https://www.netgear.com/about/security/
  Security Advisory | About Us | NETGEAR (Vendor Advisory)