NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability
CVE-2023-27369

8.8HIGH

Key Information:

Vendor: Netgear
Status: Rax30
Vendor: CVE Published:; 3 May 2024

Summary

A vulnerability exists in the soap_serverd binary of the NETGEAR RAX30, allowing network-adjacent attackers to exploit the system due to improper validation of user-supplied data lengths. This flaw enables attackers to bypass necessary authentication mechanisms, which could lead to arbitrary code execution on affected installations. The vulnerability arises when the application inaccurately processes incoming request headers, resulting in a stack-based buffer overflow. As a consequence, unauthorized users may gain access to sensitive functions without the need for valid credentials.

Affected Version(s)

RAX30 1.0.9.90_3

References

https://www.zerodayinitiative.com/advisories/ZDI-23-500/

x_research-advisory

https://kb.netgear.com/000065619/Security-Advisory-for-Mu...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Feb 28, 2023