Login Sign Up

CVE-2023-34283

4.6 MEDIUM

📋 TL;DR

This vulnerability allows physically present attackers to access arbitrary files on NETGEAR RAX30 routers by exploiting improper symbolic link handling on USB media. Attackers can read sensitive system files without authentication, potentially exposing credentials and configuration data. Only users with physical access to the router and ability to insert USB media are affected.

💻 Affected Systems

Products:
  • NETGEAR RAX30
Versions: Versions prior to V1.0.10.94
Operating Systems: NETGEAR proprietary firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration when USB sharing is enabled. Physical access to router and USB port required.

📦 What is this software?

Rax30 Firmware by Netgear

View all CVEs affecting Rax30 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains root-level access to sensitive system files including configuration, credentials, and potentially private keys, leading to complete router compromise.

🟠

Likely Case

Attacker reads router configuration files, obtains administrative credentials, and potentially gains persistent access to the network.

🟢

If Mitigated

With proper physical security controls, impact is limited as attacker needs physical access to router and USB port.

🌐 Internet-Facing: LOW - Requires physical access to router and USB port, not remotely exploitable.
🏢 Internal Only: MEDIUM - Physical access to router required, but insider threats or unauthorized physical access could exploit.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires creating a symbolic link on USB media and inserting it into router. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V1.0.10.94

Vendor Advisory: https://kb.netgear.com/000065650/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0003-PSV-2023-0004

Restart Required: Yes

Instructions:

1. Log into router admin interface. 2. Navigate to Advanced > Administration > Firmware Update. 3. Check for updates and install V1.0.10.94. 4. Reboot router after update completes.

🔧 Temporary Workarounds

Disable USB Sharing

all

Disable USB media sharing functionality to prevent symbolic link exploitation.

Physical Security Controls

all

Restrict physical access to router and USB ports using locked enclosures or secure locations.

🧯 If You Can't Patch

  • Disable USB sharing functionality in router settings
  • Implement strict physical security controls around router location

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via admin interface. If version is below V1.0.10.94, system is vulnerable.

Check Version:

Login to router admin interface and check firmware version under Advanced > Administration > Firmware Update

Verify Fix Applied:

Verify firmware version is V1.0.10.94 or higher in router admin interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual USB device connections
  • Multiple failed file access attempts via web interface

Network Indicators:

  • Unusual administrative access patterns

SIEM Query:

Look for USB device insertion events followed by web server file access attempts

📊 Metadata

CVE ID: CVE-2023-34283
CVSS v3 Score: 4.6 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-59
Published: May 3, 2024
Last Updated: January 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-34283, you might also want to check these:

CVE-2024-37143 10.0

This CVE describes an Improper Link Resolution Before File Access vulnerability in multiple Dell Pow...

Same vulnerability type (CWE-59)
CVE-2024-28185 10.0

CVE-2024-28185 is a critical symlink vulnerability in Judge0 that allows attackers to write arbitrar...

Same vulnerability type (CWE-59)
CVE-2024-48862 9.8

CVE-2024-48862 is a path traversal vulnerability in QNAP's QuLog Center that allows remote attackers...

Same vulnerability type (CWE-59)