CVE-2023-35721

NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kb.netgear.com/000065668/Security-Advisory-for-Improper-Remote-Server-Certificate-Validation-on-the-RAX50-PSV-2023-0019
https://www.zerodayinitiative.com/advisories/ZDI-23-893/

Configurations

No configuration.

History

No history.

Information

Published : 2024-05-03 02:15

Updated : 2024-05-03 12:50

NVD link : CVE-2023-35721

Mitre link : CVE-2023-35721

CVE.ORG link : CVE-2023-35721

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

{"id": "CVE-2023-35721", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2024-05-03T02:15:34.800", "references": [{"url": "https://kb.netgear.com/000065668/Security-Advisory-for-Improper-Remote-Server-Certificate-Validation-on-the-RAX50-PSV-2023-0019", "source": "zdi-disclosures@trendmicro.com"}, {"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-893/", "source": "zdi-disclosures@trendmicro.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "zdi-disclosures@trendmicro.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981."}, {"lang": "es", "value": "NETGEAR M\u00faltiples enrutadores curl_post Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de validaci\u00f3n de certificado incorrecta. Esta vulnerabilidad permite a atacantes adyacentes a la red comprometer la integridad de la informaci\u00f3n descargada en instalaciones afectadas de m\u00faltiples enrutadores NETGEAR. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la funcionalidad de actualizaci\u00f3n, que opera a trav\u00e9s de HTTPS. El problema se debe a la falta de validaci\u00f3n adecuada del certificado presentado por el servidor. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Fue ZDI-CAN-19981."}], "lastModified": "2024-05-03T12:50:34.250", "sourceIdentifier": "zdi-disclosures@trendmicro.com"}