NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-34285
8.8 HIGH
Summary
This vulnerability in the NETGEAR RAX30 router is a stack-based buffer overflow caused by inadequate validation of user-supplied data in a shared library used by the telnetd service. The telnetd service, which commonly operates on TCP port 23, does not properly check the length of input data before copying it into a stack-based buffer. As a result, network-adjacent attackers can exploit this flaw to execute arbitrary code with root privileges, potentially compromising the device. No authentication is required.
Affected Version(s)
RAX30 1.0.9.92_1
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved