Industrial and IoT cybersecurity firm Claroty on Thursday disclosed the details of five vulnerabilities that can be chained in an exploit potentially allowing threat actors to hack certain Netgear routers.
The vulnerabilities were first presented at the 2022 Pwn2Own Toronto hacking competition, where white hat hackers earned a total of nearly $1 million for exploits targeting smartphones, printers, NAS devices, smart speakers and routers.
Claroty’s router exploit, which targeted Netgear’s Nighthawk RAX30 SOHO router, earned the company’s researchers $2,500 at Pwn2Own.
The flaws used in the exploit chain are tracked as CVE-2023-27357, CVE-2023-27367, CVE-2023-27368, CVE-2023-27369, and CVE-2023-27370. They were all patched by Netgear with the release of firmware version 1.0.10.94 in early April.
Three of the vulnerabilities have been rated ‘high severity’ and their exploitation can lead to remote code execution, authentication bypass and command injection. Chaining all the flaws can have a significant impact.
“Successful exploits could allow attackers to monitor users’ internet activity, hijack internet connections and redirect traffic to malicious websites, or inject malware into network traffic,” Claroty warned on Thursday.
“An attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks,” the company added.
One mitigating factor is that executing the exploit requires access to the LAN — it’s not a WAN attack that can be executed from the internet, which is why it earned a smaller reward at Pwn2Own.
“These vulnerabilities require an attacker to have your WiFi password or an Ethernet connection to your network to be exploited,” Netgear explained in its advisory.
Related: Netgear Neutralizes Pwn2Own Exploits With Last-Minute Nighthawk Router Patches
Related: Game Acceleration Module Vulnerability Exposes Netgear Routers to Attacks
