Vulnerabilities in Netgear, D-Link routers allow remote code execution

The Zero Day Initiative (ZDI) project has disclosed information about vulnerabilities in the routers NetGear and d-Link that allow remote code execution without authentication. ZDI offers rewards for vulnerability reports and organizes the PWN2OWN competition. It is unclear if these vulnerabilities are related to the attacks demonstrated at the December PWN2OWN competition in Toronto, which targeted the Netgear RAX30 AX2400 router and the TP-Link AX1800/Archer AX21.

  • CVE-2023-35723: This vulnerability affects the firmware of the D-Link Dir-X3260 router, allowing remote code execution without authentication with root rights. The issue arises from the lack of proper input data verification when processing SOAPACTION requests in the Prog.CGI script. D-Link has addressed the vulnerability in the firmware update 1.04b01 (Beta-Hotfix) announcement.
  • CVE-2023-35722: The NetGear RAX30 router is vulnerable to remote code execution with root rights without authentication. The vulnerability occurs during the processing of UPNP requests for port comparison due to improper input data verification. NetGear has released a firmware update 1.0.11.96_2_hotfix to address this vulnerability advisory.
  • CVE-2023-35721: This vulnerability affects various models of Netgear routers and allows for man-in-the-middle attacks to modify the loaded firmware update and execute code with root rights. The vulnerability occurs because the server certificate
/Reports, release notes, official announcements.