According to a report by a Claroty security researcher, five security vulnerabilities have been uncovered in Netgear RAX30 routers that can be chained together in a specific order to bypass authentication and perform remote code execution. This means an attacker can control the device from wherever they happen to be. Exploits of these particular vulnerabilities have the potential to do a lot of things that we’d prefer they not do, such as allowing attackers to monitor users' internet activity, take over internet connections, and reroute traffic to malicious websites. That’s a lot of bad things.
But of course, there is more. In addition, an individual with network proximity could use these flaws to gain access to and control networked smart devices such as security cameras, thermostats, and smart locks—the Internet of Things (IoT) devices many of us have these days.
Yep. You guessed it. There is even more. Attackers may also manipulate the router settings and use the compromised network to launch attacks against other devices or networks. That’s why separating IoT devices from computers, tablets, and smartphones is recommended. Most routers can create two separate networks. Use one for your IoT devices, such as that internet-connected refrigerator that orders milk for you, and the other for your laptops, smart devices, and printers.
The CVEs assigned to these flaws are:
- CVE-2023-27357 - Missing Authentication Information Disclosure Vulnerability
- CVE-2023-27368 - Stack-based Buffer Overflow Authentication Bypass Vulnerability
- CVE-2023-27369 - Stack-based Buffer Overflow Authentication Bypass Vulnerability
- CVE-2023-27370 - Device Configuration Cleartext Storage Information Disclosure Vulnerability
- CVE-2023-27367 - Command Injection Remote Code Execution Vulnerability
A proof-of-concept (PoC) exploit chain demonstrated that some of the flaws can be strung together in a specific order to retrieve the device serial number and ultimately obtain root access. Root access is the highest privilege possible on a device. It gives the person with that access the ability to change anything on the operating system. If someone obtains these credentials, they also get access to the operating system and can do pretty much whatever they want without your permission.
Protecting login credentials is important, no matter what level of access you have. Once an intruder has access to a network, be it at home or at the office, they can find their way to wherever they want with a little bit of time. So, it’s critical that this information is never shared, even with someone in the IT department. Some organizations, perhaps wisely, have policies that make sharing credentials a fireable offense.
Regardless of access, if you have a Netgear RAX30 router anywhere on the network, it’s important to update the firmware to version 220.127.116.11. Netgear released this version on April 7, 2023, to address these flaws. When checking for the update, go directly to Netgear’s website rather than clicking on a link that appears in a dialog box.