NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability
CVE-2023-27357
6.5 MEDIUM
Summary
NETGEAR RAX30 routers contain a vulnerability that allows network-adjacent attackers to disclose sensitive information without authentication. The flaw originates from improper handling of SOAP requests, which permits unauthorized access to sensitive functions and data. Exploiting this vulnerability can lead to further access, potentially compromising the overall security of the network. For additional information, refer to the security advisory from NETGEAR and the Zero Day Initiative.
Affected Version(s)
RAX30 1.0.9.90_3
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved