CVE-2023-35721

8.8 HIGH

📋 TL;DR

This vulnerability in NETGEAR routers stems from improper certificate validation in the HTTPS update functionality (the curl_post code path). A network-adjacent attacker who can interpose on that connection can tamper with the data the router downloads and potentially execute arbitrary code as root without authentication. Affected users include anyone running a vulnerable NETGEAR router model.

💻 Affected Systems

Products:
  • NETGEAR RAX50
  • Other NETGEAR router models with similar curl_post functionality
Versions: Firmware versions prior to 1.0.2.88 for RAX50
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Multiple NETGEAR router models may be affected based on the ZDI advisory reference.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with root privileges, allowing complete device compromise, data theft, and persistence on the network.

🟠 Likely Case: Man-in-the-middle attacks that deliver malicious firmware updates, potentially leading to device compromise or network infiltration.

🟢 If Mitigated: If the other attack paths are blocked, the impact is limited to the certificate validation bypass itself.

🌐 Internet-Facing: MEDIUM - Requires network adjacency, not directly internet-facing, but routers often have WAN interfaces.
🏢 Internal Only: HIGH - Network-adjacent attackers on the same LAN can exploit without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires network adjacency and likely combination with other vulnerabilities for full RCE. ZDI has confirmed the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: RAX50 firmware 1.0.2.88 or later

Vendor Advisory: https://kb.netgear.com/000065668/Security-Advisory-for-Improper-Remote-Server-Certificate-Validation-on-the-RAX50-PSV-2023-0019

Restart Required: Yes

Instructions:

1. Log into the router admin interface.
2. Navigate to Advanced > Administration > Firmware Update.
3. Check for updates.
4. If an update is available, download and install it.
5. The router will reboot automatically.

🔧 Temporary Workarounds

Disable automatic updates (all): Prevents the router from automatically checking for updates over the vulnerable HTTPS connection; the fixed firmware then has to be applied manually.

Network segmentation (all): Isolate the router management interface from untrusted networks.

🧯 If You Can't Patch

  • Replace affected router with patched model or different vendor
  • Implement strict network access controls to limit who can communicate with router management interface

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface under Advanced > Administration > Firmware Update

Check Version:

No CLI command; check via the web interface at http://routerlogin.net or the router's IP address

Verify Fix Applied:

Confirm the firmware version is 1.0.2.88 or later for the RAX50; for other models, check the vendor advisory for the fixed version

📡 Detection & Monitoring

Log Indicators:

  • Unusual firmware update attempts
  • HTTPS connections to update servers with invalid certificates

Network Indicators:

  • Man-in-the-middle activity between router and update servers
  • Unusual outbound HTTPS traffic from router

SIEM Query:

source_ip=ROUTER_IP AND dest_port=443 AND (certificate_error OR ssl_handshake_failure)
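As an added example that is not part of this advisory, the SIEM query above expressed as a small Python filter run over constructed log lines: it keeps only TLS events from the router's address to port 443 that report a certificate error or handshake failure, then groups the hits by destination. The key=value log format, the router IP and the event/result names are assumptions standing in for whatever the local sensor emits.

```python
import re
from collections import Counter

# Assumption: the router's address as seen by the logging sensor.
ROUTER_IP = "192.168.1.1"

# Constructed sample log lines (not real NETGEAR, ZDI or sensor output).
SAMPLE_LOGS = """\
ts=2024-01-10T09:00:01Z src=192.168.1.1 dst=203.0.113.10 dport=443 event=tls_handshake result=ok
ts=2024-01-10T09:00:05Z src=192.168.1.1 dst=198.51.100.7 dport=443 event=tls_handshake result=certificate_error reason=unknown_ca
ts=2024-01-10T09:00:06Z src=192.168.1.1 dst=198.51.100.7 dport=443 event=ssl_handshake_failure
ts=2024-01-10T09:00:09Z src=192.168.1.50 dst=198.51.100.7 dport=443 event=tls_handshake result=certificate_error reason=hostname_mismatch
ts=2024-01-10T09:00:12Z src=192.168.1.1 dst=203.0.113.10 dport=80 event=http_request
"""

# Event or result values that correspond to the query's
# (certificate_error OR ssl_handshake_failure) clause.
SUSPICIOUS = {"certificate_error", "ssl_handshake_failure"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def is_suspicious(rec, router_ip=ROUTER_IP):
    """source_ip=ROUTER_IP AND dest_port=443 AND (cert error OR handshake failure)."""
    if rec.get("src") != router_ip or rec.get("dport") != "443":
        return False
    return rec.get("event") in SUSPICIOUS or rec.get("result") in SUSPICIOUS


def find_suspicious(logtext, router_ip=ROUTER_IP):
    """Return the parsed records that match the query."""
    hits = []
    for line in logtext.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_suspicious(rec, router_ip):
            hits.append(rec)
    return hits


def summarize(hits):
    """Count matching events per destination so a repeated failing
    update server stands out from a one-off transient error."""
    return dict(Counter(h.get("dst", "?") for h in hits))


if __name__ == "__main__":
    matches = find_suspicious(SAMPLE_LOGS)
    for m in matches:
        print(m["ts"], m["dst"], m.get("result") or m["event"], m.get("reason", ""))
    print(summarize(matches))
```

Only the two router-originated failures toward 198.51.100.7 are reported; the failure from another LAN host and the plain-HTTP request are filtered out.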
