Buffer Overflow Vulnerability in Netgear RAX30 Could Lead to Code Execution
CVE-2023-48725

7.2HIGH

Key Information:

Vendor: Netgear
Status: Rax30
Vendor: CVE Published:; 7 March 2024

Summary

A stack-based buffer overflow vulnerability is present in the JSON Parsing functionality for the getblockschedule() method of the Netgear RAX30 routers. This issue arises when an attacker sends a specially crafted HTTP request after authentication, which may lead to arbitrary code execution. It is crucial for users of the affected firmware versions to apply security measures to mitigate the potential exploitation of this vulnerability.

Affected Version(s)

RAX30 1.0.11.96

RAX30 1.0.7.78

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://kb.netgear.com/000066037/Security-Advisory-for-Po...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 7, 2024
Vulnerability Reserved
Dec 1, 2023

Credit

Discovered by Michael Gentile of Cisco Talos