All the vulnerabilites related to Netgear - RAX30
cve-2023-51635
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-584/ | x_research-advisory | |
https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139 | vendor-advisory |
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.7.78" } ] } ], "dateAssigned": "2023-12-20T16:02:27.478-06:00", "datePublic": "2024-06-10T12:39:10.806-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-22T20:04:59.288Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-584", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-584/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139" } ], "source": { "lang": "en", "value": "Neodyme" }, "title": "NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-51635", "datePublished": "2024-11-22T20:04:59.288Z", "dateReserved": "2023-12-20T21:52:34.963Z", "dateUpdated": "2024-11-22T20:04:59.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34285
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-839/ | x_research-advisory | |
https://kb.netgear.com/000065696/RAX30-Firmware-Version-1-0-11-96-Hot-Fix | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30", "vendor": "netgear", "versions": [ { "status": "affected", "version": "-" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-34285", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-07T19:29:40.393914Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:21:15.056Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:05.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-839", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-839/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065696/RAX30-Firmware-Version-1-0-11-96-Hot-Fix" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.92_1" } ] } ], "dateAssigned": "2023-05-31T15:02:02.095-05:00", "datePublic": "2023-06-08T17:10:53.468-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within a shared library used by the telnetd service, which listens on TCP port 23 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19918." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:57:12.411Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-839", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-839/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065696/RAX30-Firmware-Version-1-0-11-96-Hot-Fix" } ], "source": { "lang": "en", "value": "Stefan Schiller (Sonar)" }, "title": "NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-34285", "datePublished": "2024-05-03T01:57:12.411Z", "dateReserved": "2023-05-31T19:51:08.219Z", "dateUpdated": "2024-08-02T16:10:05.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27361
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-495/ | x_research-advisory | |
https://kb.netgear.com/000065625/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-the-RAX30-PSV-2022-0302 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.9.92", "status": "affected", "version": "1.0.6.74", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27361", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T19:55:05.869915Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-25T16:59:04.662Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.400Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-495", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-495/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065625/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-the-RAX30-PSV-2022-0302" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.6.74_1" } ] } ], "dateAssigned": "2023-02-28T12:05:54.098-06:00", "datePublic": "2023-05-01T16:29:42.045-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of JSON data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19355." } ], "metrics": [ { "cvssV3_0": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:56:12.897Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-495", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-495/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065625/Security-Advisory-for-Post-Authentication-Buffer-Overflow-on-the-RAX30-PSV-2022-0302" } ], "source": { "lang": "en", "value": "Rocco Calvi (@TecR0c) and Steven Seeley of Incite Team" }, "title": "NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27361", "datePublished": "2024-05-03T01:56:12.897Z", "dateReserved": "2023-02-28T17:58:45.484Z", "dateUpdated": "2024-08-02T12:09:43.400Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34284
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-34284", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-05T20:53:32.889835Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T20:57:09.030Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:05.610Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-838", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-838/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065650/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0003-PSV-2023-0004?article=000065650" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.92_1" } ] } ], "dateAssigned": "2023-05-31T15:02:02.089-05:00", "datePublic": "2023-06-08T17:10:15.987-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the system configuration. The system contains a hardcoded user account which can be used to access the CLI service as a low-privileged user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19660." } ], "metrics": [ { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798: Use of Hard-coded Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:57:11.707Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-838", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-838/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065650/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0003-PSV-2023-0004?article=000065650" } ], "source": { "lang": "en", "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative" }, "title": "NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-34284", "datePublished": "2024-05-03T01:57:11.707Z", "dateReserved": "2023-05-31T19:51:08.219Z", "dateUpdated": "2024-08-02T16:10:05.610Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48725
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:37:54.638Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "tags": [ "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887" }, { "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "tags": [ "x_transferred" ], "url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "status": "affected", "version": "1.0.11.96" }, { "status": "affected", "version": "1.0.7.78" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-48725", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-12T04:00:37.669899Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-05T15:56:49.293Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "RAX30", "vendor": "Netgear", "versions": [ { "status": "affected", "version": "1.0.11.96" }, { "status": "affected", "version": "1.0.7.78" } ] } ], "credits": [ { "lang": "en", "value": "Discovered by Michael Gentile of Cisco Talos" } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T18:00:06.823Z", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887" }, { "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160" } ] } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2023-48725", "datePublished": "2024-03-07T14:59:08.682Z", "dateReserved": "2023-12-01T22:00:57.981Z", "dateUpdated": "2024-08-05T15:56:49.293Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27368
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-499/ | x_research-advisory | |
https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30", "vendor": "netgear", "versions": [ { "status": "affected", "version": "-" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27368", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T17:37:48.902265Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:24:52.825Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-499", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-499/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.90_3" } ] } ], "dateAssigned": "2023-02-28T12:05:54.137-06:00", "datePublic": "2023-05-01T16:30:03.465-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:56:18.138Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-499", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-499/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "source": { "lang": "en", "value": "Claroty Research - Vera Mens, Noam Moshe, Uri Katz, Sharon Brizinov" }, "title": "NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27368", "datePublished": "2024-05-03T01:56:18.138Z", "dateReserved": "2023-02-28T17:58:45.485Z", "dateUpdated": "2024-08-02T12:09:43.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27851
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | NETGEAR Nighthawk WiFi6 Router |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.387Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://tenable.com/security/research/tra-2023-9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NETGEAR Nighthawk WiFi6 Router", "vendor": "n/a", "versions": [ { "status": "affected", "version": "prior to V1.0.10.94" } ] } ], "descriptions": [ { "lang": "en", "value": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device." } ], "problemTypes": [ { "descriptions": [ { "description": "Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-10T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://tenable.com/security/research/tra-2023-9" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-27851", "datePublished": "2023-03-10T00:00:00", "dateReserved": "2023-03-06T00:00:00", "dateUpdated": "2024-08-02T12:23:30.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40480
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.9.92", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-40480", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-05T15:23:52.503793Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T15:28:03.130Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T18:31:53.852Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-1162", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1162/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065645/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0360-PSV-2022-0361" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.6.74_1" } ] } ], "dateAssigned": "2023-08-14T16:14:46.698-05:00", "datePublic": "2023-08-22T15:28:20.013-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the DHCP server. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19705." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T02:11:15.206Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-1162", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1162/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065645/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0360-PSV-2022-0361" } ], "source": { "lang": "en", "value": "Kevin Wang" }, "title": "NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-40480", "datePublished": "2024-05-03T02:11:15.206Z", "dateReserved": "2023-08-14T21:06:28.913Z", "dateUpdated": "2024-08-02T18:31:53.852Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47209
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | NETGEAR Nighthawk WiFi6 Router |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:47:29.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2022-37" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NETGEAR Nighthawk WiFi6 Router", "vendor": "n/a", "versions": [ { "status": "affected", "version": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90" } ] } ], "descriptions": [ { "lang": "en", "value": "A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is \u201csupport\u201d and cannot be changed by a user via any normally accessible means." } ], "problemTypes": [ { "descriptions": [ { "description": "Hardcoded Credentials", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://www.tenable.com/security/research/tra-2022-37" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2022-47209", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-12-12T00:00:00", "dateUpdated": "2024-08-03T14:47:29.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27357
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-497/ | x_research-advisory | |
https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27357", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-06T15:53:34.459728Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T15:57:00.916Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-497", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-497/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.90_3" } ] } ], "dateAssigned": "2023-02-28T12:05:54.075-06:00", "datePublic": "2023-05-01T16:29:52.608-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of SOAP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise. Was ZDI-CAN-19608." } ], "metrics": [ { "cvssV3_0": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:56:09.896Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-497", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-497/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "source": { "lang": "en", "value": "Claroty Research - Vera Mens, Noam Moshe, Uri Katz, Sharon Brizinov" }, "title": "NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27357", "datePublished": "2024-05-03T01:56:09.896Z", "dateReserved": "2023-02-28T17:58:45.481Z", "dateUpdated": "2024-08-02T12:09:43.388Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40478
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-1163/ | x_research-advisory | |
https://kb.netgear.com/000065649/Security-Advisory-for-Post-authentication-Buffer-Overflow-on-the-RAX30-PSV-2023-0002 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-40478", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-06T19:12:15.625542Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T20:38:48.907Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T18:31:53.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-1163", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1163/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065649/Security-Advisory-for-Post-authentication-Buffer-Overflow-on-the-RAX30-PSV-2023-0002" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.92_1" } ] } ], "dateAssigned": "2023-08-14T16:14:46.688-05:00", "datePublic": "2023-08-22T15:29:18.065-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T02:11:13.678Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-1163", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1163/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065649/Security-Advisory-for-Post-authentication-Buffer-Overflow-on-the-RAX30-PSV-2023-0002" } ], "source": { "lang": "en", "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative" }, "title": "NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-40478", "datePublished": "2024-05-03T02:11:13.678Z", "dateReserved": "2023-08-14T21:06:28.913Z", "dateUpdated": "2024-08-02T18:31:53.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27370
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-501/ | x_research-advisory | |
https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27370", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T18:39:02.917206Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T19:33:25.989Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-501", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-501/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.90_3" } ] } ], "dateAssigned": "2023-02-28T12:05:54.148-06:00", "datePublic": "2023-05-01T16:31:01.627-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19841." } ], "metrics": [ { "cvssV3_0": { "baseScore": 5.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:56:19.685Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-501", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-501/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "source": { "lang": "en", "value": "Claroty Research - Vera Mens, Noam Moshe, Uri Katz, Sharon Brizinov" }, "title": "NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27370", "datePublished": "2024-05-03T01:56:19.685Z", "dateReserved": "2023-02-28T17:58:45.486Z", "dateUpdated": "2024-08-02T12:09:43.336Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27360
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-496/ | x_research-advisory | |
https://kb.netgear.com/000065559/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0352 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:netgear:rax30_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27360", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:07:41.378327Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:07:46.711Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-496", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-496/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065559/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0352" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.6.74_1" } ] } ], "dateAssigned": "2023-02-28T12:05:54.092-06:00", "datePublic": "2023-05-01T16:29:47.637-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing execution of files from untrusted sources. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19398." } ], "metrics": [ { "cvssV3_0": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:56:12.177Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-496", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-496/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065559/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0352" } ], "source": { "lang": "en", "value": "Rocco Calvi and Steven Seeley of Incite Team" }, "title": "NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27360", "datePublished": "2024-05-03T01:56:12.177Z", "dateReserved": "2023-02-28T17:58:45.483Z", "dateUpdated": "2024-08-02T12:09:43.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34283
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "status": "affected", "version": "1.0.9.92_1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-34283", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T18:01:39.566856Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:21:20.948Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:05.478Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-837", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-837/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065650/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0003-PSV-2023-0004?article=000065650" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.92_1" } ] } ], "dateAssigned": "2023-05-31T15:02:02.083-05:00", "datePublic": "2023-06-08T17:10:09.814-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router\u0027s web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498." } ], "metrics": [ { "cvssV3_0": { "baseScore": 4.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:57:11.008Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-837", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-837/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065650/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0003-PSV-2023-0004?article=000065650" } ], "source": { "lang": "en", "value": "Dmitry \"InfoSecDJ\" Janushkevich of Trend Micro Zero Day Initiative" }, "title": "NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-34283", "datePublished": "2024-05-03T01:57:11.008Z", "dateReserved": "2023-05-31T19:51:08.219Z", "dateUpdated": "2024-08-02T16:10:05.478Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1327
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | Netgear RAX30 (AX2400) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:59.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://drupal9.tenable.com/security/research/tra-2023-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Netgear RAX30 (AX2400)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All versions prior to version 1.0.6.74" } ] } ], "descriptions": [ { "lang": "en", "value": "Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device\u0027s web management interface by resetting the admin password." } ], "problemTypes": [ { "descriptions": [ { "description": "Authentication Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://drupal9.tenable.com/security/research/tra-2023-10" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-1327", "datePublished": "2023-03-14T00:00:00", "dateReserved": "2023-03-10T00:00:00", "dateUpdated": "2024-08-02T05:40:59.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27367
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-498/ | x_research-advisory | |
https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27367", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T18:51:23.874872Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T19:33:03.347Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-498", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-498/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.90_3" } ] } ], "dateAssigned": "2023-02-28T12:05:54.131-06:00", "datePublic": "2023-05-01T16:29:57.990-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the libcms_cli module. The issue results from the lack of proper validation of a user-supplied command before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19838." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:56:17.427Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-498", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-498/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "source": { "lang": "en", "value": "Claroty Research - Vera Mens, Noam Moshe, Uri Katz, Sharon Brizinov" }, "title": "NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27367", "datePublished": "2024-05-03T01:56:17.427Z", "dateReserved": "2023-02-28T17:58:45.485Z", "dateUpdated": "2024-08-02T12:09:43.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27356
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "1.0.9.90_3", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27356", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-05T14:20:21.237395Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T15:55:30.728Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.353Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-503", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-503/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065618/Security-Advisory-for-Post-authentication-Command-Injection-on-Some-Routers-PSV-2022-0350" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.90_3" } ] } ], "dateAssigned": "2023-02-28T12:05:54.069-06:00", "datePublic": "2023-05-01T16:31:54.498-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the logCtrl action. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19825." } ], "metrics": [ { "cvssV3_0": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:56:09.001Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-503", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-503/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065618/Security-Advisory-for-Post-authentication-Command-Injection-on-Some-Routers-PSV-2022-0350" } ], "source": { "lang": "en", "value": "Interrupt Labs" }, "title": "NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27356", "datePublished": "2024-05-03T01:56:09.001Z", "dateReserved": "2023-02-28T17:58:45.481Z", "dateUpdated": "2024-08-02T12:09:43.353Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40479
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:netgear:rax30_firmware:1.0.6.74:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "status": "affected", "version": "1.0.6.74_1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-40479", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-21T18:05:35.997961Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:19:12.301Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T18:31:53.963Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-1161", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1161/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065645/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0360-PSV-2022-0361" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.6.74_1" } ] } ], "dateAssigned": "2023-08-14T16:14:46.693-05:00", "datePublic": "2023-08-22T15:28:16.772-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the UPnP service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19704." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T02:11:14.444Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-1161", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1161/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065645/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0360-PSV-2022-0361" } ], "source": { "lang": "en", "value": "Kevin Wang" }, "title": "NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-40479", "datePublished": "2024-05-03T02:11:14.444Z", "dateReserved": "2023-08-14T21:06:28.913Z", "dateUpdated": "2024-08-02T18:31:53.963Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1205
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | NETGEAR Nighthawk WiFi6 Router |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:59.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://tenable.com/security/research/tra-2023-9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NETGEAR Nighthawk WiFi6 Router", "vendor": "n/a", "versions": [ { "status": "affected", "version": "prior to V1.0.10.94" } ] } ], "descriptions": [ { "lang": "en", "value": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross Site Request Forgery", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-10T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://tenable.com/security/research/tra-2023-9" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-1205", "datePublished": "2023-03-10T00:00:00", "dateReserved": "2023-03-06T00:00:00", "dateUpdated": "2024-08-02T05:40:59.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27369
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-500/ | x_research-advisory | |
https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30", "vendor": "netgear", "versions": [ { "status": "affected", "version": "-" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27369", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T17:35:50.521567Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:24:50.810Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-500", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-500/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.90_3" } ] } ], "dateAssigned": "2023-02-28T12:05:54.142-06:00", "datePublic": "2023-05-01T16:30:11.251-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:56:18.923Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-500", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-500/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348" } ], "source": { "lang": "en", "value": "Claroty Research - Vera Mens, Noam Moshe, Uri Katz, Sharon Brizinov" }, "title": "NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27369", "datePublished": "2024-05-03T01:56:18.923Z", "dateReserved": "2023-02-28T17:58:45.486Z", "dateUpdated": "2024-08-02T12:09:43.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28337
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | NETGEAR Nighthawk WiFi6 Router (RAX30) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:24.987Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://drupal9.tenable.com/security/research/tra-2023-12" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NETGEAR Nighthawk WiFi6 Router (RAX30)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All known versions" } ] } ], "descriptions": [ { "lang": "en", "value": "When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden \u201cforceFWUpdate\u201d parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device." } ], "problemTypes": [ { "descriptions": [ { "description": "Signature Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-15T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://drupal9.tenable.com/security/research/tra-2023-12" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-28337", "datePublished": "2023-03-15T00:00:00", "dateReserved": "2023-03-14T00:00:00", "dateUpdated": "2024-08-02T12:38:24.987Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27850
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | NETGEAR Nighthawk WiFi6 Router |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.558Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://tenable.com/security/research/tra-2023-9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NETGEAR Nighthawk WiFi6 Router", "vendor": "n/a", "versions": [ { "status": "affected", "version": "prior to V1.0.10.94" } ] } ], "descriptions": [ { "lang": "en", "value": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Link Resolution Before File Access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-10T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://tenable.com/security/research/tra-2023-9" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-27850", "datePublished": "2023-03-10T00:00:00", "dateReserved": "2023-03-06T00:00:00", "dateUpdated": "2024-08-02T12:23:30.558Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-47210
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | NETGEAR Nighthawk WiFi6 Router |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:47:29.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2022-37" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NETGEAR Nighthawk WiFi6 Router", "vendor": "n/a", "versions": [ { "status": "affected", "version": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.9.90" } ] } ], "descriptions": [ { "lang": "en", "value": "The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device." } ], "problemTypes": [ { "descriptions": [ { "description": "Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-16T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://www.tenable.com/security/research/tra-2022-37" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2022-47210", "datePublished": "2022-12-16T00:00:00", "dateReserved": "2022-12-12T00:00:00", "dateUpdated": "2024-08-03T14:47:29.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28338
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | NETGEAR Nighthawk WiFi6 Router (RAX30) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:24.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://drupal9.tenable.com/security/research/tra-2023-12" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NETGEAR Nighthawk WiFi6 Router (RAX30)", "vendor": "n/a", "versions": [ { "status": "affected", "version": "All known versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)\u0027s web service containing a \u201cContent-Type\u201d of \u201cmultipartboundary=\u201d will result in the request body being written to \u201c/tmp/mulipartFile\u201d on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-15T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://drupal9.tenable.com/security/research/tra-2023-12" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-28338", "datePublished": "2023-03-15T00:00:00", "dateReserved": "2023-03-14T00:00:00", "dateUpdated": "2024-08-02T12:38:24.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51634
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-583/ | x_research-advisory | |
https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139 | vendor-advisory |
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.7.78" } ] } ], "dateAssigned": "2023-12-20T16:02:27.472-06:00", "datePublic": "2024-06-10T12:39:01.866-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589." } ], "metrics": [ { "cvssV3_0": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-22T20:04:58.330Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-583", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-583/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139" } ], "source": { "lang": "en", "value": "Neodyme" }, "title": "NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-51634", "datePublished": "2024-11-22T20:04:58.330Z", "dateReserved": "2023-12-20T21:52:34.963Z", "dateUpdated": "2024-11-22T20:04:58.330Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27358
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-502/ | x_research-advisory | |
https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:netgear:rax30_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:netgear:rax35_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax35_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:netgear:rax38_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax38_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:netgear:rax40_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax40_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:netgear:raxe300_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "raxe300_firmware", "vendor": "netgear", "versions": [ { "lessThan": "1.0.10.94", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27358", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-06T15:39:54.731083Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T15:50:11.494Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.431Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-502", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-502/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.90_3" } ] } ], "dateAssigned": "2023-02-28T12:05:54.080-06:00", "datePublic": "2023-05-01T16:31:16.216-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:56:10.655Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-502", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-502/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065617/Security-Advisory-for-Authentication-Bypass-on-Some-Routers-PSV-2022-0349" } ], "source": { "lang": "en", "value": "Interrupt Labs" }, "title": "NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27358", "datePublished": "2024-05-03T01:56:10.655Z", "dateReserved": "2023-02-28T17:58:45.482Z", "dateUpdated": "2024-08-02T12:09:43.431Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27852
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | NETGEAR Nighthawk WiFi6 Router |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:29.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://tenable.com/security/research/tra-2023-9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NETGEAR Nighthawk WiFi6 Router", "vendor": "n/a", "versions": [ { "status": "affected", "version": "prior to V1.0.10.94" } ] } ], "descriptions": [ { "lang": "en", "value": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device." } ], "problemTypes": [ { "descriptions": [ { "description": "Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-10T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://tenable.com/security/research/tra-2023-9" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-27852", "datePublished": "2023-03-10T00:00:00", "dateReserved": "2023-03-06T00:00:00", "dateUpdated": "2024-08-02T12:23:29.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27853
Vulnerability from cvelistv5
▼ | Vendor | Product |
---|---|---|
n/a | NETGEAR Nighthawk WiFi6 Router |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://tenable.com/security/research/tra-2023-9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "NETGEAR Nighthawk WiFi6 Router", "vendor": "n/a", "versions": [ { "status": "affected", "version": "prior to V1.0.10.94" } ] } ], "descriptions": [ { "lang": "en", "value": "NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device." } ], "problemTypes": [ { "descriptions": [ { "description": "Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-10T00:00:00", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://tenable.com/security/research/tra-2023-9" } ] } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2023-27853", "datePublished": "2023-03-10T00:00:00", "dateReserved": "2023-03-06T00:00:00", "dateUpdated": "2024-08-02T12:23:30.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35722
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-894/ | x_research-advisory | |
https://kb.netgear.com/000065699/Security-Advisory-for-Pre-Authentication-Command-Injection-on-the-RAX30-PSV-2023-0046 | vendor-advisory |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rax30", "vendor": "netgear", "versions": [ { "lessThan": "1.0.11.96_2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35722", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-05T17:50:29.229976Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T21:01:40.570Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-894", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-894/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.netgear.com/000065699/Security-Advisory-for-Pre-Authentication-Command-Injection-on-the-RAX30-PSV-2023-0046" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RAX30", "vendor": "NETGEAR", "versions": [ { "status": "affected", "version": "1.0.9.92_1" } ] } ], "dateAssigned": "2023-06-15T15:31:13.938-05:00", "datePublic": "2023-06-30T13:55:14.672-05:00", "descriptions": [ { "lang": "en", "value": "NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of UPnP port mapping requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20429." } ], "metrics": [ { "cvssV3_0": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-03T01:57:42.315Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-894", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-894/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://kb.netgear.com/000065699/Security-Advisory-for-Pre-Authentication-Command-Injection-on-the-RAX30-PSV-2023-0046" } ], "source": { "lang": "en", "value": "Anonymous" }, "title": "NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-35722", "datePublished": "2024-05-03T01:57:42.315Z", "dateReserved": "2023-06-15T20:23:02.753Z", "dateUpdated": "2024-08-02T16:30:44.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202305-0221
Vulnerability from variot
NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839. This vulnerability information is available below JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reported by: Zero Zero One Co., Ltd. Hayakawa Soraya MrAuthentication may be circumvented by a third party with access to the device. NETGEAR Rax35 is a wireless router from NETGEAR. The vulnerability is caused by a boundary error when the application processes untrusted input
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202305-0221", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "rax35", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "rax38", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "rax40", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "rax30", "scope": null, "trust": 0.7, "vendor": "netgear", "version": null }, { "model": "rax35", "scope": null, "trust": 0.6, "vendor": "netgear", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-499" }, { "db": "CNVD", "id": "CNVD-2024-24418" }, { "db": "JVNDB", "id": "JVNDB-2024-003119" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Claroty Research - Vera Mens, Noam Moshe, Uri Katz, Sharon Brizinov", "sources": [ { "db": "ZDI", "id": "ZDI-23-499" } ], "trust": 0.7 }, "cve": "CVE-2023-27368", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2024-24418", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "zdi-disclosures@trendmicro.com", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2024-003119", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2023-27368", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "zdi-disclosures@trendmicro.com", "id": "CVE-2023-27368", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2024-003119", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2023-27368", "trust": 0.7, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2024-24418", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-499" }, { "db": "CNVD", "id": "CNVD-2024-24418" }, { "db": "JVNDB", "id": "JVNDB-2024-003119" }, { "db": "NVD", "id": "CVE-2023-27368" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the soap_serverd binary. When parsing SOAP message headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19839. This vulnerability information is available below JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reported by: Zero Zero One Co., Ltd. Hayakawa Soraya MrAuthentication may be circumvented by a third party with access to the device. NETGEAR Rax35 is a wireless router from NETGEAR. The vulnerability is caused by a boundary error when the application processes untrusted input", "sources": [ { "db": "NVD", "id": "CVE-2023-27368" }, { "db": "JVNDB", "id": "JVNDB-2024-003119" }, { "db": "ZDI", "id": "ZDI-23-499" }, { "db": "CNVD", "id": "CNVD-2024-24418" }, { "db": "VULMON", "id": "CVE-2023-27368" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-27368", "trust": 4.0 }, { "db": "ZDI", "id": "ZDI-23-499", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2024-003119", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU91883072", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-19839", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2024-24418", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-27368", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-499" }, { "db": "CNVD", "id": "CNVD-2024-24418" }, { "db": "VULMON", "id": "CVE-2023-27368" }, { "db": "JVNDB", "id": "JVNDB-2024-003119" }, { "db": "NVD", "id": "CVE-2023-27368" } ] }, "id": "VAR-202305-0221", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-24418" } ], "trust": 0.8745927333333333 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-24418" } ] }, "last_update_date": "2024-05-31T22:43:39.423000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security advisory regarding authentication bypass in some routers \u00a0(PSV-2023-0166)", "trust": 0.8, "url": "https://kb.netgear.com/ja/000066096/" }, { "title": "NETGEAR has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://kb.netgear.com/000065619/security-advisory-for-multiple-vulnerabilities-on-the-rax30-psv-2022-0348" }, { "title": "Patch for NETGEAR RAX35 Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/546311" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-499" }, { "db": "CNVD", "id": "CNVD-2024-24418" }, { "db": "JVNDB", "id": "JVNDB-2024-003119" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "Stack-based buffer overflow (CWE-121) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003119" }, { "db": "NVD", "id": "CVE-2023-27368" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://kb.netgear.com/000065619/security-advisory-for-multiple-vulnerabilities-on-the-rax30-psv-2022-0348" }, { "trust": 1.1, "url": "https://www.zerodayinitiative.com/advisories/zdi-23-499/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91883072/index.html" }, { "trust": 0.8, "url": "https://claroty.com/team82/disclosure-dashboard/cve-2023-27368" }, { "trust": 0.6, "url": "https://jvndb.jvn.jp/en/contents/2024/jvndb-2024-003119.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-23-499" }, { "db": "CNVD", "id": "CNVD-2024-24418" }, { "db": "VULMON", "id": "CVE-2023-27368" }, { "db": "JVNDB", "id": "JVNDB-2024-003119" }, { "db": "NVD", "id": "CVE-2023-27368" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-23-499" }, { "db": "CNVD", "id": "CNVD-2024-24418" }, { "db": "VULMON", "id": "CVE-2023-27368" }, { "db": "JVNDB", "id": "JVNDB-2024-003119" }, { "db": "NVD", "id": "CVE-2023-27368" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-01T00:00:00", "db": "ZDI", "id": "ZDI-23-499" }, { "date": "2024-05-29T00:00:00", "db": "CNVD", "id": "CNVD-2024-24418" }, { "date": "2024-04-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-003119" }, { "date": "2024-05-03T02:15:15.417000", "db": "NVD", "id": "CVE-2023-27368" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-01T00:00:00", "db": "ZDI", "id": "ZDI-23-499" }, { "date": "2024-05-27T00:00:00", "db": "CNVD", "id": "CNVD-2024-24418" }, { "date": "2024-04-25T02:04:00", "db": "JVNDB", "id": "JVNDB-2024-003119" }, { "date": "2024-05-03T12:50:34.250000", "db": "NVD", "id": "CVE-2023-27368" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NETGEAR\u00a0 Buffer overflow vulnerability in Microsoft routers", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-003119" } ], "trust": 0.8 } }
var-202303-1178
Vulnerability from variot
Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted. of netgear RAX30 A vulnerability exists in the firmware regarding resource allocation without limits or throttling.Service operation interruption (DoS) It may be in a state. NETGEAR RAX30 is a dual-band wireless router from NETGEAR.
NETGEAR RAX30 has a denial of service vulnerability. The vulnerability stems from the improper handling of a large number of message requests
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202303-1178", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "rax30", "scope": "eq", "trust": 1.0, "vendor": "netgear", "version": "*" }, { "model": "rax30", "scope": null, "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "rax30", "scope": "eq", "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": null }, { "model": "rax30", "scope": "eq", "trust": 0.8, "vendor": "\u30cd\u30c3\u30c8\u30ae\u30a2", "version": "rax30 firmware" }, { "model": "rax30", "scope": null, "trust": 0.6, "vendor": "netgear", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-64078" }, { "db": "JVNDB", "id": "JVNDB-2023-005413" }, { "db": "NVD", "id": "CVE-2023-28338" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-28338" } ] }, "cve": "CVE-2023-28338", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2023-64078", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2023-28338", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-28338", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2023-64078", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202303-1288", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-64078" }, { "db": "JVNDB", "id": "JVNDB-2023-005413" }, { "db": "NVD", "id": "CVE-2023-28338" }, { "db": "CNNVD", "id": "CNNVD-202303-1288" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)\u0027s web service containing a \u201cContent-Type\u201d of \u201cmultipartboundary=\u201d will result in the request body being written to \u201c/tmp/mulipartFile\u201d on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted. of netgear RAX30 A vulnerability exists in the firmware regarding resource allocation without limits or throttling.Service operation interruption (DoS) It may be in a state. NETGEAR RAX30 is a dual-band wireless router from NETGEAR. \n\r\n\r\nNETGEAR RAX30 has a denial of service vulnerability. The vulnerability stems from the improper handling of a large number of message requests", "sources": [ { "db": "NVD", "id": "CVE-2023-28338" }, { "db": "JVNDB", "id": "JVNDB-2023-005413" }, { "db": "CNVD", "id": "CNVD-2023-64078" }, { "db": "VULMON", "id": "CVE-2023-28338" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-28338", "trust": 3.9 }, { "db": "TENABLE", "id": "TRA-2023-12", "trust": 2.3 }, { "db": "JVNDB", "id": "JVNDB-2023-005413", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2023-64078", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202303-1288", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-28338", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-64078" }, { "db": "VULMON", "id": "CVE-2023-28338" }, { "db": "JVNDB", "id": "JVNDB-2023-005413" }, { "db": "NVD", "id": "CVE-2023-28338" }, { "db": "CNNVD", "id": "CNNVD-202303-1288" } ] }, "id": "VAR-202303-1178", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2023-64078" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-64078" } ] }, "last_update_date": "2023-12-18T12:41:16.320000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.0 }, { "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-005413" }, { "db": "NVD", "id": "CVE-2023-28338" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://drupal9.tenable.com/security/research/tra-2023-12" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-28338" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-28338/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2023-64078" }, { "db": "VULMON", "id": "CVE-2023-28338" }, { "db": "JVNDB", "id": "JVNDB-2023-005413" }, { "db": "NVD", "id": "CVE-2023-28338" }, { "db": "CNNVD", "id": "CNNVD-202303-1288" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2023-64078" }, { "db": "VULMON", "id": "CVE-2023-28338" }, { "db": "JVNDB", "id": "JVNDB-2023-005413" }, { "db": "NVD", "id": "CVE-2023-28338" }, { "db": "CNNVD", "id": "CNNVD-202303-1288" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-16T00:00:00", "db": "CNVD", "id": "CNVD-2023-64078" }, { "date": "2023-03-15T00:00:00", "db": "VULMON", "id": "CVE-2023-28338" }, { "date": "2023-11-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-005413" }, { "date": "2023-03-15T23:15:09.957000", "db": "NVD", "id": "CVE-2023-28338" }, { "date": "2023-03-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202303-1288" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-08-21T00:00:00", "db": "CNVD", "id": "CNVD-2023-64078" }, { "date": "2023-03-16T00:00:00", "db": "VULMON", "id": "CVE-2023-28338" }, { "date": "2023-11-08T03:19:00", "db": "JVNDB", "id": "JVNDB-2023-005413" }, { "date": "2023-03-21T17:57:33.130000", "db": "NVD", "id": "CVE-2023-28338" }, { "date": "2023-03-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202303-1288" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202303-1288" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "of netgear \u00a0RAX30\u00a0 Unlimited or Throttling Resource Allocation Vulnerability in Firmware", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-005413" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202303-1288" } ], "trust": 0.6 } }