Details of VAR-202302-0136

ID

VAR-202302-0136

CVE

CVE-2023-23110

TITLE

plural Netgear Vulnerability related to insufficient integrity verification of downloaded code in products

Trust: 0.8

sources: JVNDB: JVNDB-2023-003483

DESCRIPTION

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier. plural Netgear The product contains a flaw in the integrity verification of downloaded code.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-23110 // JVNDB: JVNDB-2023-003483 // VULMON: CVE-2023-23110

AFFECTED PRODUCTS

vendor:	netgear	model:	xavn2001v2	scope:	lte	version:	0.4.0.7	Trust: 1.0
vendor:	netgear	model:	r9000	scope:	lte	version:	1.0.3.6	Trust: 1.0
vendor:	netgear	model:	wnr1000v2	scope:	lte	version:	1.1.2.60	Trust: 1.0
vendor:	netgear	model:	wnr2200	scope:	lte	version:	1.0.1.102	Trust: 1.0
vendor:	netgear	model:	r8900	scope:	lte	version:	1.0.3.6	Trust: 1.0
vendor:	netgear	model:	wnr612v2	scope:	lte	version:	1.0.0.3	Trust: 1.0
vendor:	netgear	model:	wnr2500	scope:	lte	version:	1.0.0.34	Trust: 1.0
vendor:	netgear	model:	d6100	scope:	lte	version:	1.0.0.63	Trust: 1.0
vendor:	netgear	model:	dgn1000v3	scope:	lte	version:	1.0.0.22	Trust: 1.0
vendor:	ネットギア	model:	wnr2200	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr2500	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr612v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	dgn1000v3	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	d6100	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr1000v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	xavn2001v2	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r8900	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	r9000	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-003483 // NVD: CVE-2023-23110

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-23110
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-23110
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202302-162
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2023-23110
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2023-23110
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-003483 // CNNVD: CNNVD-202302-162 // NVD: CVE-2023-23110

PROBLEMTYPE DATA

problemtype:	CWE-494	Trust: 1.0
problemtype:	Incomplete integrity verification of downloaded code (CWE-494) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-003483 // NVD: CVE-2023-23110

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-162

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202302-162

PATCH

title:	NETGEAR Product Security	url:	https://www.netgear.com/about/security/	Trust: 0.8
title:	NETGEAR D6100 Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=224796	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2023-23110	Trust: 0.1

sources: VULMON: CVE-2023-23110 // JVNDB: JVNDB-2023-003483 // CNNVD: CNNVD-202302-162

EXTERNAL IDS

db:	NVD	id:	CVE-2023-23110	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-003483	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-162	Trust: 0.6
db:	VULMON	id:	CVE-2023-23110	Trust: 0.1

sources: VULMON: CVE-2023-23110 // JVNDB: JVNDB-2023-003483 // CNNVD: CNNVD-202302-162 // NVD: CVE-2023-23110

REFERENCES

url:	https://www.netgear.com/about/security/	Trust: 1.7
url:	https://hackmd.io/%40slasvrz_srw7nqcsunofea/sjcgkb-9o	Trust: 1.7
url:	https://hackmd.io/%40slasvrz_srw7nqcsunofea/s1bnhbwqi	Trust: 1.7
url:	https://hackmd.io/%40slasvrz_srw7nqcsunofea/hyzrxmb9s	Trust: 1.7
url:	https://hackmd.io/%40slasvrz_srw7nqcsunofea/r1z4bx-5i	Trust: 1.7
url:	https://hackmd.io/%40slasvrz_srw7nqcsunofea/ryjvzz-5s	Trust: 1.7
url:	https://hackmd.io/%40slasvrz_srw7nqcsunofea/s1t47ebqj	Trust: 1.7
url:	https://hackmd.io/%40slasvrz_srw7nqcsunofea/bkbpiegco	Trust: 1.7
url:	https://hackmd.io/%40slasvrz_srw7nqcsunofea/s1qwglm5o	Trust: 1.7
url:	https://hackmd.io/%40slasvrz_srw7nqcsunofea/h1licxbco	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2023-23110	Trust: 0.8
url:	https://hackmd.io/@slasvrz_srw7nqcsunofea/bkbpiegco	Trust: 0.8
url:	https://hackmd.io/@slasvrz_srw7nqcsunofea/h1licxbco	Trust: 0.8
url:	https://hackmd.io/@slasvrz_srw7nqcsunofea/hyzrxmb9s	Trust: 0.8
url:	https://hackmd.io/@slasvrz_srw7nqcsunofea/s1bnhbwqi	Trust: 0.8
url:	https://hackmd.io/@slasvrz_srw7nqcsunofea/s1qwglm5o	Trust: 0.8
url:	https://hackmd.io/@slasvrz_srw7nqcsunofea/s1t47ebqj	Trust: 0.8
url:	https://hackmd.io/@slasvrz_srw7nqcsunofea/sjcgkb-9o	Trust: 0.8
url:	https://hackmd.io/@slasvrz_srw7nqcsunofea/r1z4bx-5i	Trust: 0.8
url:	https://hackmd.io/@slasvrz_srw7nqcsunofea/ryjvzz-5s	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2023-23110/	Trust: 0.6
url:	https://github.com/live-hack-cve/cve-2023-23110	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-23110 // JVNDB: JVNDB-2023-003483 // CNNVD: CNNVD-202302-162 // NVD: CVE-2023-23110

SOURCES

db:	VULMON	id:	CVE-2023-23110
db:	JVNDB	id:	JVNDB-2023-003483
db:	CNNVD	id:	CNNVD-202302-162
db:	NVD	id:	CVE-2023-23110

LAST UPDATE DATE

2024-08-14T15:26:52.977000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-23110	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2023-003483	date:	2023-09-11T01:21:00
db:	CNNVD	id:	CNNVD-202302-162	date:	2023-02-13T00:00:00
db:	NVD	id:	CVE-2023-23110	date:	2023-02-09T21:51:00.803

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-23110	date:	2023-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2023-003483	date:	2023-09-11T00:00:00
db:	CNNVD	id:	CNNVD-202302-162	date:	2023-02-02T00:00:00
db:	NVD	id:	CVE-2023-23110	date:	2023-02-02T15:17:43.473