Buffer Overflow Vulnerability in Netgear RAX30 Could Lead to Code Execution

CVE-2023-48725

7.2HIGH

Key Information

Vendor: Netgear
Status: Rax30
Vendor: CVE Published:; 7 March 2024

Summary

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Affected Version(s)

RAX30 = 1.0.11.96

RAX30 = 1.0.7.78

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Mar 7, 2024
Vulnerability Reserved.
Dec 1, 2023

Collectors

NVD DatabaseMitre Database

Credit

Discovered by Michael Gentile of Cisco Talos