Last Modified: March 21, 2023
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.
Tweets last week: 4
Remaining steady
Yahoo results: 0
Remaining steady
Current EPSS Score: 0.0005
Remaining steady
Reddit Posts: 1
Remaining steady
Github Repos: 0
Remaining steady
Found exploits:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Base Score: 8.8
Exploitability Score: 2.8
Impact Score: 5.9
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-434
Condition | Configuration | |
---|---|---|
AND | | |
OR | cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:* (Part: o, Vendor: netgear) | All vulnerabilities for netgear |
OR | cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:* (Part: h, Vendor: netgear) | All vulnerabilities for netgear |
CWE-ID:
Not defined
Base Score V3:
Not defined
Exploitability Score V3:
Not defined
Impact Score V3:
Not defined
Cvss Vector V3:
Not defined
<?xml version="1.0" ?>
<set operator="and">
  <set operator="and">
    <set operator="or">
      <prop key="operating_system" value="cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*"/>
    </set>
    <set operator="or">
      <prop key="device" value="cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*"/>
    </set>
  </set>
</set>
<?xml version="1.0" ?>
<set operator="and">
  <set operator="and">
    <set operator="or">
      <prop key="operating_system" value="cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*"/>
    </set>
    <set operator="or">
      <prop key="device" value="cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*"/>
    </set>
  </set>
  <prop key="program_influence" value="input"/>
</set>