Details of VAR-202305-0252

ID

VAR-202305-0252

CVE

CVE-2023-27370

TITLE

(Pwn2Own) NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-23-501

DESCRIPTION

NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19841. NETGEAR RAX30 is a dual-band wireless router from NETGEAR

Trust: 2.07

sources: NVD: CVE-2023-27370 // ZDI: ZDI-23-501 // CNVD: CNVD-2024-33909

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-33909

AFFECTED PRODUCTS

vendor:

netgear

model:

rax30

scope:

version:

Trust: 1.3

sources: ZDI: ZDI-23-501 // CNVD: CNVD-2024-33909

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-27370
value:	MEDIUM
Trust: 1.0
ZDI:	CVE-2023-27370
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2024-33909
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-33909
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:A/AC:L/AU:S/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-27370
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	3.6
version:	3.0
Trust: 1.0
ZDI:	CVE-2023-27370
baseSeverity:	MEDIUM
baseScore:	5.7
vectorString:	AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	3.6
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-501 // CNVD: CNVD-2024-33909 // NVD: CVE-2023-27370

PROBLEMTYPE DATA

problemtype:

CWE-312

Trust: 1.0

sources: NVD: CVE-2023-27370

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348	Trust: 0.7
title:	Patch for NETGEAR RAX30 Information Disclosure Vulnerability (CNVD-2024-33909)	url:	https://www.cnvd.org.cn/patchInfo/show/574386	Trust: 0.6

sources: ZDI: ZDI-23-501 // CNVD: CNVD-2024-33909

EXTERNAL IDS

db:	NVD	id:	CVE-2023-27370	Trust: 2.3
db:	ZDI	id:	ZDI-23-501	Trust: 1.7
db:	ZDI_CAN	id:	ZDI-CAN-19841	Trust: 0.7
db:	CNVD	id:	CNVD-2024-33909	Trust: 0.6

sources: ZDI: ZDI-23-501 // CNVD: CNVD-2024-33909 // NVD: CVE-2023-27370

REFERENCES

url:	https://kb.netgear.com/000065619/security-advisory-for-multiple-vulnerabilities-on-the-rax30-psv-2022-0348	Trust: 1.7
url:	https://www.zerodayinitiative.com/advisories/zdi-23-501/	Trust: 1.0
url:	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-27370	Trust: 0.6

sources: ZDI: ZDI-23-501 // CNVD: CNVD-2024-33909 // NVD: CVE-2023-27370

CREDITS

Claroty Research - Vera Mens, Noam Moshe, Uri Katz, Sharon Brizinov

Trust: 0.7

sources: ZDI: ZDI-23-501

SOURCES

db:	ZDI	id:	ZDI-23-501
db:	CNVD	id:	CNVD-2024-33909
db:	NVD	id:	CVE-2023-27370

LAST UPDATE DATE

2024-08-14T13:41:49.427000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-501	date:	2023-05-01T00:00:00
db:	CNVD	id:	CNVD-2024-33909	date:	2024-07-30T00:00:00
db:	NVD	id:	CVE-2023-27370	date:	2024-05-03T12:50:34.250

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-501	date:	2023-05-01T00:00:00
db:	CNVD	id:	CNVD-2024-33909	date:	2024-07-26T00:00:00
db:	NVD	id:	CVE-2023-27370	date:	2024-05-03T02:15:15.763