
CVE-2023-23110

 

  • Severity Score (CVSS v3.1): 7.4
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 9
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: High
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-01-11 CVE Reserved
  • 2023-02-02 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • 2024-09-23 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-494: Download of Code Without Integrity Check
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Netgear | Wnr612v2 Firmware | <= 1.0.0.3 | - | Affected
in Netgear | Wnr612v2 | -- | Safe
Netgear | Dgn1000v3 Firmware | <= 1.0.0.22 | - | Affected
in Netgear | Dgn1000v3 | -- | Safe
Netgear | D6100 Firmware | <= 1.0.0.63 | - | Affected
in Netgear | D6100 | -- | Safe
Netgear | Wnr1000v2 Firmware | <= 1.1.2.60 | - | Affected
in Netgear | Wnr1000v2 | -- | Safe
Netgear | Xavn2001v2 Firmware | <= 0.4.0.7 | - | Affected
in Netgear | Xavn2001v2 | -- | Safe
Netgear | Wnr2200 Firmware | <= 1.0.1.102 | - | Affected
in Netgear | Wnr2200 | -- | Safe
Netgear | Wnr2500 Firmware | <= 1.0.0.34 | - | Affected
in Netgear | Wnr2500 | -- | Safe
Netgear | R8900 Firmware | <= 1.0.3.6 | - | Affected
in Netgear | R8900 | -- | Safe
Netgear | R9000 Firmware | <= 1.0.3.6 | - | Affected
in Netgear | R9000 | -- | Safe