top of page

5 security flaws in Netgear RAX30 routers could lead to remote code execution

Netgear RAX30 routers have been hit with five security flaws that could be chained together to bypass authentication and achieve remote code execution, as demonstrated by industrial cybersecurity firm Claroty at the Pwn2Own hacking competition in Toronto. The five CVEs (CVE-2023-27357, CVE-2023-27369, CVE-2023-27368, CVE-2023-27370, CVE-2023-27367) can be chained together to extract the device serial number and ultimately obtain root access to it. The most severe of the flaws enable pre-authentication remote code execution on the device, so a network-adjacent threat actor could weaponize them to access and control networked smart devices like security cameras, thermostats, smart locks; tamper with router settings, and even use a compromised network to launch attacks against other devices or networks. Join our webinar to learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.


bottom of page