high
7.4
CWE
494
Advisory Published
Updated

CVE-2023-23110

First published: Thu Feb 02 2023(Updated: )

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Netgear Wnr612v2 Firmware<=1.0.0.3
Netgear Wnr612v2
Netgear Dgn1000v3 Firmware<=1.0.0.22
Netgear Dgn1000v3
Netgear D6100 Firmware<=1.0.0.63
NETGEAR D6100
Netgear Wnr1000v2 Firmware<=1.1.2.60
Netgear Wnr1000v2
Netgear Xavn2001v2 Firmware<=0.4.0.7
Netgear Xavn2001v2
Netgear Wnr2200 Firmware<=1.0.1.102
Netgear Wnr2200
Netgear Wnr2500 Firmware<=1.0.0.34
Netgear Wnr2500
Netgear R8900 Firmware<=1.0.3.6
NETGEAR R8900
Netgear R9000 Firmware<=1.0.3.6
NETGEAR R9000

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this Netgear firmware modification vulnerability?

    The vulnerability ID for this Netgear firmware modification vulnerability is CVE-2023-23110.

  • What is the severity of CVE-2023-23110?

    CVE-2023-23110 has a severity rating of 7.4, which is considered high.

  • Which Netgear products are affected by CVE-2023-23110?

    The Netgear products affected by CVE-2023-23110 include WNR612v2 firmware (version up to and including 1.0.0.3), DGN1000v3 firmware (version up to and including 1.0.0.22), D6100 firmware (version up to and including 1.0.0.63), WNR1000v2 firmware (version up to and including 1.1.2.60), Xavn2001v2 firmware (version up to and including 0.4.0.7), WNR2200 firmware (version up to and including 1.0.1.102), WNR2500 firmware (version up to and including 1.0.0.34), R8900 firmware (version up to and including 1.0.3.6), and R9000 firmware (version up to and including 1.0.3.6).

  • How can an attacker exploit CVE-2023-23110?

    An attacker can conduct a MITM (Man-in-the-Middle) attack to modify the user-uploaded firmware image and bypass the fixed checksum number.

  • Are there any references for CVE-2023-23110?

    Yes, there are references available for CVE-2023-23110. You can find them at the following links: [Reference 1](https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/BkBPIeGco), [Reference 2](https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/H1lIcXbco), [Reference 3](https://hackmd.io/%40slASVrz_SrW7NQCsunofeA/HyZRxmb9s).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203