CVE-2023-27370

5.7 MEDIUM

📋 TL;DR

This vulnerability allows network-adjacent attackers to bypass authentication and access plaintext configuration secrets stored on NETGEAR RAX30 routers. Attackers can steal stored credentials like admin passwords, potentially leading to full router compromise. Only users of affected NETGEAR RAX30 routers are impacted.

💻 Affected Systems

Products:
  • NETGEAR RAX30
Versions: Firmware versions prior to V1.0.10.94
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires network adjacency (same local network segment).


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains full administrative control of the router, can intercept all network traffic, install malware on connected devices, and pivot to internal network systems.

🟠 Likely Case

Attacker steals router admin credentials, changes configuration to redirect DNS or intercept traffic, potentially compromising user accounts and sensitive data.

🟢 If Mitigated

With proper network segmentation and monitoring, impact is limited to an isolated router compromise without lateral movement to critical systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

An authentication bypass is required, but it is documented. Plaintext credential extraction is straightforward once authentication has been bypassed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V1.0.10.94 or later

Vendor Advisory: https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348

Restart Required: Yes

Instructions:

1. Log into the router admin interface.
2. Navigate to Advanced > Administration > Firmware Update.
3. Check for updates and install V1.0.10.94 or later.
4. Reboot the router after the update completes.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all

Isolate router management interface to separate VLAN with strict access controls.

Access Restriction

Applies to: all

Configure firewall rules to restrict access to router admin interface to trusted IP addresses only.

🧯 If You Can't Patch

  • Replace router with patched model or different vendor
  • Implement network monitoring for unauthorized configuration changes and credential extraction attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under Advanced > Administration > Firmware Update. If version is below V1.0.10.94, device is vulnerable.

Check Version:

curl -k https://routerlogin.net/ | grep -i "firmware version"

(requires admin access; routerlogin.net only resolves to the router from inside its own LAN, and the admin page may require a logged-in session cookie before it shows the version string)

Verify Fix Applied:

Confirm that the firmware version shows V1.0.10.94 or higher after the update. Authentication-bypass test attempts should then fail.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful configuration access
  • Unusual configuration export or backup operations

Network Indicators:

  • Unusual HTTP requests to configuration endpoints from non-admin IPs
  • Traffic patterns suggesting credential extraction

SIEM Query:

source="router" AND (event="config_access" OR event="auth_bypass")
