Experts share details of five flaws that can be chained to hack Netgear RAX30 Routers

Researchers disclosed the details of five vulnerabilities that can be chained to take over some Netgear router models.

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models.

“Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.” reads the advisory published by the security firm. “Successful exploits could allow attackers to monitor users’ internet activity, highjack internet connections and redirect traffic to malicious websites or inject malware into network traffic. An attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks.”

The vulnerabilities, tracked as CVE-2023-27357, CVE-2023-27367, CVE-2023-27368, CVE-2023-27369, CVE-2023-27370, were demonstrated by Claroty researchers during the 2022 Pwn2Own Toronto hacking contest as part of an exploit.

Claroty used the exploit to hack Netgear’s Nighthawk RAX30 SOHO router, the team earned $2,500 at Pwn2Own for demonstrating the attack.

“NETGEAR is aware of multiple security vulnerabilities on the RAX30. These vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited.” reads the advisory published by NETGEAR. “NETGEAR strongly recommends that you download the latest firmware as soon as possible.”

The vendor addressed the issues in April 2023 with the release of firmware version 1.0.10.94 for the RAX30 router family.

Below are the details of the issues:

• CVE-2023-27357 NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability
• CVE-2023-27368: NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability
• CVE-2023-27369: NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability
• CVE-2023-27370: Using soap_serverd auth Bypass to Reset the Admin Password
• CVE-2023-27367: Authentication Bypass to RCE Using Magic telnet and Command Injection

Two of the above issues are Stack-based Buffer Overflow Authentication Bypass Vulnerabilities that can lead to remote code execution. The remaining ones are authentication bypass and command injection flaws.

“NETGEAR recommends users update these devices immediately.” concludes the advisory.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, router)