CVE-2023-28337: Malicious File Upload
First published: Wed Mar 15 2023(Updated: )
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Netgear Rax30 Firmware | ||
| Netgear RAX30 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28337?
CVE-2023-28337 is a vulnerability that allows the upload of modified or potentially malicious firmware to a Netgear Nighthawk Wifi6 Router (RAX30) by bypassing certain validation checks.
How does CVE-2023-28337 affect Netgear RAX30 firmware?
CVE-2023-28337 affects Netgear RAX30 firmware by allowing the upload of unofficial firmware that could be modified or malicious.
What is the severity of CVE-2023-28337?
CVE-2023-28337 has a severity rating of 8.8 (High).
How can I fix CVE-2023-28337?
To fix CVE-2023-28337, Netgear should release a firmware update that addresses the vulnerability and prevents the bypassing of validation checks.
Where can I find more information about CVE-2023-28337?
More information about CVE-2023-28337 can be found at the following link: https://drupal9.tenable.com/security/research/tra-2023-12
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/netgear
- canonical/netgear rax30 firmware
- canonical/netgear rax30