NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability
CVE-2023-34283

4.6MEDIUM

Key Information:

Vendor: Netgear
Status: Rax30
Vendor: CVE Published:; 3 May 2024

What is CVE-2023-34283?

A significant information disclosure vulnerability has been identified in NETGEAR RAX30 routers, stemming from the improper handling of symbolic links on removable USB devices. This flaw enables a physically present attacker to create symbolic links that manipulate the router's web server into revealing arbitrary local files. The absence of authentication requirements magnifies the risk, as any individual with physical access can potentially leverage this vulnerability to access sensitive information in the context of root. For more information, refer to the advisories from the Zero Day Initiative and NETGEAR's security resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RAX30 1.0.9.92_1

References

https://www.zerodayinitiative.com/advisories/ZDI-23-837/

x_research-advisory

https://kb.netgear.com/000065650/Security-Advisory-for-Mu...

vendor-advisory

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
May 31, 2023

JSON

Netgear

What is CVE-2023-34283?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.