Claroty researchers discover critical vulnerabilities in Netgear RAX30 routers; urges users to upgrade immediately

May 2023 by Claroty

Claroty have today announced the disclosure of five vulnerabilities in NETGEAR’s RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.

NETGEAR have patched all five vulnerabilities uncovered by Claroty, three of which were high-severity vulnerabilities that enable remote code execution, command injection, or authentication bypasses.

Successful exploits could allow attackers to monitor users’ internet activity, hijack internet connections and redirect traffic to malicious websites or inject malware into network traffic.

An attacker could also use these vulnerabilities to access and control networked smart devices (security cameras, thermostats, smart locks), change router settings including credentials or DNS settings, or use a compromised network to launch attacks against other devices or networks.