The five vulnerabilities used in the exploit chain are tracked as CVE-2023-27357, CVE-2023-27367, CVE-2023-27368, CVE-2023-27369, and CVE-2023-27370. Three of the vulnerabilities have been rated ‘high severity,’ and their exploitation can lead to remote code execution, authentication bypass, and command injection. Chaining all the flaws together can have a significant impact as it can allow an attacker to monitor user activity, hijack internet connections and redirect traffic to malicious websites or inject malware into network traffic.
Claroty warns that “the attacker (can) also use these vulnerabilities to access and control networked smart devices/security cameras, thermostats, smart locks, etc.” They can also change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks. It is worth noting, however, that the exploit requires access to the LAN, and it’s not a WAN attack that can be executed from the internet, which is why it earned a smaller reward at Pwn2Own.
The vulnerabilities have been patched by Netgear with the release of firmware version 1.0.10.94 in early April. Netgear explains that “these vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited.” Internet users should ensure that they apply the most recent firmware updates to their Netgear routers.
In conclusion, Claroty’s discovery of the five vulnerabilities highlights the growing concern over internet security and the challenges of monitoring and controlling the growing number of connected devices. It is therefore essential to take proactive steps to protect networked devices from external threats that can exploit vulnerabilities through LAN or WAN attacks.