Details of VAR-202305-0220

ID

VAR-202305-0220

CVE

CVE-2023-27356

TITLE

of netgear RAX30 firmware and RAXE300 in the firmware OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-027778

DESCRIPTION

NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the logCtrl action. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19825. of netgear RAX30 firmware and RAXE300 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX30 is a dual-band wireless router from NETGEAR

Trust: 2.79

sources: NVD: CVE-2023-27356 // JVNDB: JVNDB-2023-027778 // ZDI: ZDI-23-503 // CNVD: CNVD-2024-33670

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-33670

AFFECTED PRODUCTS

vendor:	netgear	model:	rax30	scope:	-	version:	-	Trust: 1.3
vendor:	netgear	model:	raxe300	scope:	lt	version:	1.0.10.94	Trust: 1.0
vendor:	netgear	model:	rax30	scope:	lt	version:	1.0.10.94	Trust: 1.0
vendor:	ネットギア	model:	rax30	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	raxe300	scope:	-	version:	-	Trust: 0.8

sources: ZDI: ZDI-23-503 // CNVD: CNVD-2024-33670 // JVNDB: JVNDB-2023-027778 // NVD: CVE-2023-27356

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-27356
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2023-27356
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-27356
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-27356
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2024-33670
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-33670
severity:	HIGH
baseScore:	7.2
vectorString:	AV:A/AC:L/AU:M/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	4.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-27356
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.0
nvd@nist.gov:	CVE-2023-27356
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-27356
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2023-27356
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-503 // CNVD: CNVD-2024-33670 // JVNDB: JVNDB-2023-027778 // NVD: CVE-2023-27356 // NVD: CVE-2023-27356

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [NVD evaluation ]	Trust: 0.8
problemtype:	OS Command injection (CWE-78) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-027778 // NVD: CVE-2023-27356

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000065618/Security-Advisory-for-Post-authentication-Command-Injection-on-Some-Routers-PSV-2022-0350	Trust: 0.7
title:	Patch for NETGEAR RAX30 Remote Code Execution Vulnerability (CNVD-2024-33670)	url:	https://www.cnvd.org.cn/patchInfo/show/567921	Trust: 0.6

sources: ZDI: ZDI-23-503 // CNVD: CNVD-2024-33670

EXTERNAL IDS

db:	NVD	id:	CVE-2023-27356	Trust: 3.9
db:	ZDI	id:	ZDI-23-503	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-027778	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-19825	Trust: 0.7
db:	CNVD	id:	CNVD-2024-33670	Trust: 0.6

sources: ZDI: ZDI-23-503 // CNVD: CNVD-2024-33670 // JVNDB: JVNDB-2023-027778 // NVD: CVE-2023-27356

REFERENCES

url:	https://kb.netgear.com/000065618/security-advisory-for-post-authentication-command-injection-on-some-routers-psv-2022-0350	Trust: 2.5
url:	https://www.zerodayinitiative.com/advisories/zdi-23-503/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-27356	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-27356	Trust: 0.6

sources: ZDI: ZDI-23-503 // CNVD: CNVD-2024-33670 // JVNDB: JVNDB-2023-027778 // NVD: CVE-2023-27356

CREDITS

Interrupt Labs

Trust: 0.7

sources: ZDI: ZDI-23-503

SOURCES

db:	ZDI	id:	ZDI-23-503
db:	CNVD	id:	CNVD-2024-33670
db:	JVNDB	id:	JVNDB-2023-027778
db:	NVD	id:	CVE-2023-27356

LAST UPDATE DATE

2025-01-09T23:16:27.131000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-503	date:	2023-05-01T00:00:00
db:	CNVD	id:	CNVD-2024-33670	date:	2024-07-26T00:00:00
db:	JVNDB	id:	JVNDB-2023-027778	date:	2025-01-07T08:58:00
db:	NVD	id:	CVE-2023-27356	date:	2025-01-03T17:15:37.810

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-503	date:	2023-05-01T00:00:00
db:	CNVD	id:	CNVD-2024-33670	date:	2024-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2023-027778	date:	2025-01-07T00:00:00
db:	NVD	id:	CVE-2023-27356	date:	2024-05-03T02:15:13.320