Rewterz Threat Alert – DarkCrystal RAT (DCRat) – Active IOCs
July 3, 2023Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC-F Series Vulnerability
July 3, 2023Rewterz Threat Alert – DarkCrystal RAT (DCRat) – Active IOCs
July 3, 2023Rewterz Threat Advisory – ICS: Mitsubishi Electric MELSEC-F Series Vulnerability
July 3, 2023Severity
High
Analysis Summary
CVE-2023-35721 CVSS:8.1
Multiple NETGEAR Routers could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the update functionality. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-35722 CVSS:8.8
NETGEAR RAX30 could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw in the handling of UPnP port mapping request. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- CVE-2023-35721
- CVE-2023-35722
Indicators Of Compromise
CVE
- CVE-2023-26134
Affected Vendors
NETGEAR
Affected Products
- NETGEAR RAX30
- NETGEAR RAX50
Remediation
Refer to NETGEAR Web site for patch, upgrade or suggested workaround information.