Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-44445

8.8HIGH

Key Information:

Vendor: Netgear
Status: Cax30
Vendor: CVE Published:; 3 May 2024

Summary

A buffer overflow vulnerability affects NETGEAR CAX30 routers, allowing network-adjacent attackers to execute arbitrary code. The vulnerability is due to improper validation of the length of user-supplied data in the sso binary, resulting in potential remote code execution with root privileges. Attackers can exploit this flaw without requiring authentication, enhancing the severity of the risk. Proper awareness and mitigation steps are essential for users of the affected NETGEAR CAX30 product to safeguard their networks.

Affected Version(s)

CAX30 1.4.10.8

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1636/

x_research-advisory

https://kb.netgear.com/000065859/Security-Advisory-for-Pr...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023