NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability
CVE-2023-51634

7.5HIGH

Key Information:

Vendor: Netgear
Status: Rax30
Vendor: CVE Published:; 22 November 2024

Summary

The NETGEAR RAX30 routers are vulnerable due to improper validation of certificates during file downloads via HTTPS. This flaw allows network-adjacent attackers to compromise the integrity of downloaded information without requiring authentication. By exploiting this vulnerability, attackers can potentially execute arbitrary code in a root context, thereby enhancing their ability to manipulate the router's functionalities. It is essential for users of NETGEAR RAX30 routers to remain vigilant and apply necessary security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

RAX30 1.0.7.78

References

https://www.zerodayinitiative.com/advisories/ZDI-24-583/

x_research-advisory

https://kb.netgear.com/000065928/Security-Advisory-for-Mu...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Dec 20, 2023