Rewterz Threat Alert – NJRAT – Active IOCs

March 14, 2023

Rewterz Threat Alert – MeterPreter Malware – Active IOCs

March 14, 2023

Rewterz Threat Advisory – Multiple Netgear Nighthawk WiFi6 Router Vulnerabilities

March 14, 2023

Severity

High

Analysis Summary

CVE-2023-27853 CVSS:8.3

NETGEAR Nighthawk WiFi6 Router could allow a remote attacker to execute arbitrary code on the system, caused by a format string flaw in the SOAP service. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-27852 CVSS:8.8

NETGEAR Nighthawk WiFi6 Router is vulnerable to a buffer overflow, caused by improper bounds checking by the Password Reset CGI, Traffic Management CGI, and rex_cgi. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2023-27851 CVSS:9.8

NETGEAR Nighthawk WiFi6 Router could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the ReadyShare Default Share Configurations. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-27850 CVSS:7.6

NETGEAR Nighthawk WiFi6 Router could allow a physical attacker to bypass security restrictions, caused by a flaw in the ReadyShare function. By using a specially crafted USB device, an attacker could exploit this vulnerability to read and modify arbitrary files on the device.

CVE-2023-1205 CVSS:8.8

NETGEAR Nighthawk WiFi6 Router is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

Impact

Code Execution
Security Bypass
Buffer Overflow
Unauthorized Access

Indicators Of Compromise

CVE

CVE-2023-27853
CVE-2023-27852
CVE-2023-27851
CVE-2023-27850
CVE-2023-1205

Affected Vendors

NETGEAR

Affected Products

NETGEAR Nighthawk WiFi6 Router 1.0.10

Remediation

Upgrade to the latest version of Nighthawk WiFi6 Router, available from the NETGEAR Web site.

NETGEAR Web site

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

ClickFix Scheme Used by Russian Hackers to Deploy Espionage Malware – Active IOCs

Cyber Threat Alert: Immediate Action Required on Existing APT Threat Indicators – Active IOCs

Tinba aka TinyBanker Trojan – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – NJRAT – Active IOCs

Rewterz Threat Alert – MeterPreter Malware – Active IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.