CVE-2023-23110
Severity Score
7.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
9
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-01-11 CVE Reserved
- 2023-02-02 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-494: Download of Code Without Integrity Check
CAPEC
References (10)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGco | 2024-08-02 | |
| https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbco | 2024-08-02 | |
| https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9s | 2024-08-02 | |
| https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1BNhbWqi | 2024-08-02 | |
| https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1qWglM5o | 2024-08-02 | |
| https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/S1t47Ebqj | 2024-08-02 | |
| https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/SJCGkb-9o | 2024-08-02 | |
| https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/r1Z4BX-5i | 2024-08-02 | |
| https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/ryjVZz-5s | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.netgear.com/about/security | 2023-02-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netgear Search vendor "Netgear" | Wnr612v2 Firmware Search vendor "Netgear" for product "Wnr612v2 Firmware" | <= 1.0.0.3 Search vendor "Netgear" for product "Wnr612v2 Firmware" and version " <= 1.0.0.3" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr612v2 Search vendor "Netgear" for product "Wnr612v2" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Dgn1000v3 Firmware Search vendor "Netgear" for product "Dgn1000v3 Firmware" | <= 1.0.0.22 Search vendor "Netgear" for product "Dgn1000v3 Firmware" and version " <= 1.0.0.22" | - |
Affected
| in | Netgear Search vendor "Netgear" | Dgn1000v3 Search vendor "Netgear" for product "Dgn1000v3" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | D6100 Firmware Search vendor "Netgear" for product "D6100 Firmware" | <= 1.0.0.63 Search vendor "Netgear" for product "D6100 Firmware" and version " <= 1.0.0.63" | - |
Affected
| in | Netgear Search vendor "Netgear" | D6100 Search vendor "Netgear" for product "D6100" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Wnr1000v2 Firmware Search vendor "Netgear" for product "Wnr1000v2 Firmware" | <= 1.1.2.60 Search vendor "Netgear" for product "Wnr1000v2 Firmware" and version " <= 1.1.2.60" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr1000v2 Search vendor "Netgear" for product "Wnr1000v2" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Xavn2001v2 Firmware Search vendor "Netgear" for product "Xavn2001v2 Firmware" | <= 0.4.0.7 Search vendor "Netgear" for product "Xavn2001v2 Firmware" and version " <= 0.4.0.7" | - |
Affected
| in | Netgear Search vendor "Netgear" | Xavn2001v2 Search vendor "Netgear" for product "Xavn2001v2" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Wnr2200 Firmware Search vendor "Netgear" for product "Wnr2200 Firmware" | <= 1.0.1.102 Search vendor "Netgear" for product "Wnr2200 Firmware" and version " <= 1.0.1.102" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr2200 Search vendor "Netgear" for product "Wnr2200" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | Wnr2500 Firmware Search vendor "Netgear" for product "Wnr2500 Firmware" | <= 1.0.0.34 Search vendor "Netgear" for product "Wnr2500 Firmware" and version " <= 1.0.0.34" | - |
Affected
| in | Netgear Search vendor "Netgear" | Wnr2500 Search vendor "Netgear" for product "Wnr2500" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R8900 Firmware Search vendor "Netgear" for product "R8900 Firmware" | <= 1.0.3.6 Search vendor "Netgear" for product "R8900 Firmware" and version " <= 1.0.3.6" | - |
Affected
| in | Netgear Search vendor "Netgear" | R8900 Search vendor "Netgear" for product "R8900" | - | - |
Safe
|
| Netgear Search vendor "Netgear" | R9000 Firmware Search vendor "Netgear" for product "R9000 Firmware" | <= 1.0.3.6 Search vendor "Netgear" for product "R9000 Firmware" and version " <= 1.0.3.6" | - |
Affected
| in | Netgear Search vendor "Netgear" | R9000 Search vendor "Netgear" for product "R9000" | - | - |
Safe
|