How severe is CVE-2023-23110?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2023-23110?

This is classified as CWE-494, which is a common weakness in software security.

CVE-2023-23110 - HIGH Severity | CVSS 7.4

Vulnerability Description

An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier.

Related Vulnerabilities

CVE-2019-3977

HIGH

CVSS:7.5(High)

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick...

CWE-4942019

CVE-2019-5982

HIGH

CVSS:7.5(High)

Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A succe...

CWE-4942019

CVE-2020-10926

HIGH

CVSS:7.5(High)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vuln...

CWE-4942020

CVE-2020-5772

HIGH

CVSS:7.5(High)

Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.

CWE-4942020

CVE-2021-45027

HIGH

CVSS:7.5(High)

An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user suppl...

CWE-4942021

CVE-2022-36671

HIGH

CVSS:7.5(High)

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.

CWE-4942022