{"id":731171,"date":"2023-05-12T13:54:32","date_gmt":"2023-05-12T15:54:32","guid":{"rendered":"https:\/\/teknomers.com\/fr\/les-failles-des-routeurs-netgear-exposent-les-utilisateurs-aux-logiciels-malveillants-aux-attaques-a-distance-et-a-la-surveillance\/"},"modified":"2023-05-12T13:54:36","modified_gmt":"2023-05-12T15:54:36","slug":"les-failles-des-routeurs-netgear-exposent-les-utilisateurs-aux-logiciels-malveillants-aux-attaques-a-distance-et-a-la-surveillance","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/les-failles-des-routeurs-netgear-exposent-les-utilisateurs-aux-logiciels-malveillants-aux-attaques-a-distance-et-a-la-surveillance\/","title":{"rendered":"Les failles des routeurs Netgear exposent les utilisateurs aux logiciels malveillants, aux attaques \u00e0 distance et \u00e0 la surveillance"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">12 mai 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 r\u00e9seau \/ Logiciels malveillants<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Jusqu&#8217;\u00e0 cinq failles de s\u00e9curit\u00e9 ont \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es dans les routeurs Netgear RAX30 qui pourraient \u00eatre encha\u00een\u00e9s pour contourner l&#8217;authentification et r\u00e9aliser l&#8217;ex\u00e9cution de code \u00e0 distance.<\/p>\n<p>&#8220;Des exploits r\u00e9ussis pourraient permettre aux attaquants de surveiller l&#8217;activit\u00e9 Internet des utilisateurs, de d\u00e9tourner les connexions Internet et de rediriger le trafic vers des sites Web malveillants ou d&#8217;injecter des logiciels malveillants dans le trafic r\u00e9seau&#8221;, a d\u00e9clar\u00e9 Uri Katz, chercheur en s\u00e9curit\u00e9 chez Claroty. <a rel=\"nofollow noopener\" href=\"https:\/\/claroty.com\/team82\/research\/chaining-five-vulnerabilities-to-exploit-netgear-nighthawk-rax30-routers-at-pwn2own-toronto-2022\" target=\"_blank\">a dit<\/a> dans un rapport.<\/p>\n<p>De plus, un acteur mena\u00e7ant adjacent au r\u00e9seau pourrait \u00e9galement militariser les failles pour acc\u00e9der et contr\u00f4ler les appareils intelligents en r\u00e9seau tels que les cam\u00e9ras de s\u00e9curit\u00e9, les thermostats, les serrures intelligentes\u00a0;  alt\u00e9rer les param\u00e8tres du routeur et m\u00eame utiliser un r\u00e9seau compromis pour lancer des attaques contre d&#8217;autres appareils ou r\u00e9seaux.<\/p>\n<div class=\"ad_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/tr60percentstatic-inside-1\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/05\/1682937111_165_Un-acteur-vietnamien-de-la-menace-infecte-500-000-appareils.png\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>La liste des d\u00e9fauts, qui ont \u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2022\/12\/5\/pwn2own-toronto-2022-day-one-results\" target=\"_blank\">d\u00e9montr\u00e9<\/a> au concours de piratage Pwn2Own qui s&#8217;est tenu \u00e0 Toronto en d\u00e9cembre 2022, est la suivante &#8211;<\/p>\n<ul>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/claroty.com\/team82\/disclosure-dashboard\/cve-2023-27357\" target=\"_blank\"><strong>CVE-2023-27357<\/strong><\/a>  (Score CVSS\u00a0: 6,5) &#8211; Vuln\u00e9rabilit\u00e9 de divulgation d&#8217;informations d&#8217;authentification manquantes<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/claroty.com\/team82\/disclosure-dashboard\/cve-2023-27367\" target=\"_blank\"><strong>CVE-2023-27367<\/strong><\/a>  (Score CVSS\u00a0: 8,0) &#8211; Vuln\u00e9rabilit\u00e9 d&#8217;ex\u00e9cution de code \u00e0 distance par injection de commande<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/claroty.com\/team82\/disclosure-dashboard\/cve-2023-27368\" target=\"_blank\"><strong>CVE-2023-27368<\/strong><\/a>  (Score CVSS\u00a0: 8,8) &#8211; Vuln\u00e9rabilit\u00e9 de contournement de l&#8217;authentification par d\u00e9bordement de tampon bas\u00e9e sur la pile<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/claroty.com\/team82\/disclosure-dashboard\/cve-2023-27369\" target=\"_blank\"><strong>CVE-2023-27369<\/strong><\/a>  (Score CVSS\u00a0: 8,8) &#8211; Vuln\u00e9rabilit\u00e9 de contournement de l&#8217;authentification par d\u00e9bordement de tampon bas\u00e9e sur la pile<\/li>\n<li><a rel=\"nofollow noopener\" href=\"https:\/\/claroty.com\/team82\/disclosure-dashboard\/cve-2023-27370\" target=\"_blank\"><strong>CVE-2023-27370<\/strong><\/a>  (Score CVSS\u00a0: 5,7) &#8211; Vuln\u00e9rabilit\u00e9 de divulgation d&#8217;informations de stockage en texte clair dans la configuration des p\u00e9riph\u00e9riques<\/li>\n<\/ul>\n<div class=\"separator\" style=\"clear: both;\"><img decoding=\"async\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/05\/1683906872_871_Les-failles-des-routeurs-Netgear-exposent-les-utilisateurs-aux-logiciels.png\" alt=\"Net Gear\" border=\"0\" data-original-height=\"132\" data-original-width=\"728\" title=\"Net Gear\"\/><\/div>\n<p>Une cha\u00eene d&#8217;exploitation de preuve de concept (PoC) illustr\u00e9e par la soci\u00e9t\u00e9 de cybers\u00e9curit\u00e9 industrielle montre qu&#8217;il est possible d&#8217;encha\u00eener les failles &#8212; CVE-2023-27357, CVE-2023-27369, CVE-2023-27368, CVE-2023-27370 , et CVE-2023-27367 (dans cet ordre) &#8211; pour extraire le num\u00e9ro de s\u00e9rie de l&#8217;appareil et finalement obtenir un acc\u00e8s root \u00e0 celui-ci.<\/p>\n<div class=\"ad_two clear\" style=\"margin: 20px 10px 30px 0;background: rgb(249 251 255);color: rgb(22, 7, 85);padding: 0px 5%;border: 2px solid rgb(217 222 255);border-radius: 10px;text-align: left;box-shadow: 10px 10px 0 #e2ebff;border-top-left-radius: 50px;border-bottom-right-radius: 50px;\"> <span style=\"font-size:14px;margin:25px 0 0 0;font-weight:900;background: #dbdefc;display:inline-block;padding: 3px 20px;border-radius: 100px;letter-spacing: 0.5px;color: #596cec;\">WEBINAIRE \u00c0 VENIR<\/span><\/p>\n<p>Apprenez \u00e0 arr\u00eater les ransomwares avec une protection en temps r\u00e9el<\/p>\n<p style=\"text-align:left;font-size:17px;line-height:30px;margin: 10px 0;color: #4e6a8d;\">Rejoignez notre webinaire et d\u00e9couvrez comment arr\u00eater les attaques de ransomwares dans leur \u00e9lan gr\u00e2ce \u00e0 la MFA en temps r\u00e9el et \u00e0 la protection des comptes de service.<\/p>\n<p><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/silver-web-inside\" target=\"_blank\" style=\"padding: 10px 20px;border-radius: 8px;background-color: #4469f5;font-size:16px;display:inline-block;color:#fff;border:0;line-height:inherit;text-decoration:none;cursor:pointer;MARGIN: 10px 0 25px 0;float:left;font-weight:500;letter-spacing: 0.2px;\">Sauvez ma place\u00a0!<\/a><\/div>\n<p>&#8220;Ces cinq CVE peuvent \u00eatre encha\u00een\u00e9s pour compromettre les routeurs RAX30 concern\u00e9s, dont le plus grave permet l&#8217;ex\u00e9cution de code \u00e0 distance de pr\u00e9-authentification sur l&#8217;appareil&#8221;, a not\u00e9 Katz.<\/p>\n<p>Les utilisateurs de routeurs Netgear RAX30 sont invit\u00e9s \u00e0 mettre \u00e0 jour le micrologiciel version 1.0.10.94 publi\u00e9e par la soci\u00e9t\u00e9 de mise en r\u00e9seau le 7 avril 2023, pour corriger les d\u00e9fauts et att\u00e9nuer les risques potentiels.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/05\/netgear-routers-flaws-expose-users-to.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80212 mai 2023\ue804Ravie LakshmananS\u00e9curit\u00e9 r\u00e9seau \/ Logiciels malveillants Jusqu&#8217;\u00e0 cinq failles de s\u00e9curit\u00e9 ont \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9es dans les routeurs Netgear RAX30 qui pourraient \u00eatre encha\u00een\u00e9s pour contourner l&#8217;authentification et r\u00e9aliser l&#8217;ex\u00e9cution de code \u00e0 distance. &#8220;Des exploits r\u00e9ussis pourraient permettre aux attaquants de surveiller l&#8217;activit\u00e9 Internet des utilisateurs, de d\u00e9tourner les connexions Internet et de [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":731172,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[8074,507,4168,4158,4165,4161,133,2526,39576,4806,4157,4159,4171,4170,65,4167,4589,4590,4160,161990,4163,4162,29603,4172,4169,3492,7529,4166,4164],"class_list":["post-731171","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-attaques","tag-aux","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-distance","tag-exposent","tag-failles","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-logiciels","tag-malveillants","tag-mises-a-jour-de-la-cybersecurite","tag-netgear","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-routeurs","tag-securite-informatique","tag-securite-internet","tag-surveillance","tag-utilisateurs","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/731171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=731171"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/731171\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/731172"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=731171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=731171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=731171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}