NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability
CVE-2023-27356

8HIGH

Key Information:

Vendor: Netgear
Status: Rax30
Vendor: CVE Published:; 3 May 2024

Summary

A command injection vulnerability has been identified in NETGEAR RAX30 routers, enabling network-adjacent attackers to execute arbitrary code. The flaw is associated with the 'logCtrl' action, stemming from inadequate validation of user-supplied strings prior to executing system calls. While authentication is a prerequisite for exploitation, the existing measures can be circumvented. This vulnerability poses significant risks, allowing attackers to operate in the context of the root user and potentially compromise network integrity.

Affected Version(s)

RAX30 1.0.9.90_3

References

https://www.zerodayinitiative.com/advisories/ZDI-23-503/

x_research-advisory

https://kb.netgear.com/000065618/Security-Advisory-for-Po...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Feb 28, 2023