NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability
CVE-2023-51635

8.8HIGH

Key Information:

Vendor: Netgear
Status: Rax30
Vendor: CVE Published:; 22 November 2024

Summary

The vulnerability identified within the NETGEAR RAX30 router involves a stack-based buffer overflow in the fing_dil service. This flaw occurs due to improper validation of the length of user-supplied data before it is copied into a fixed-length buffer on the stack. As a result, an attacker who is network-adjacent can exploit this weakness to execute arbitrary code with root privileges on the affected device without requiring authentication.

Affected Version(s)

RAX30 1.0.7.78

References

https://www.zerodayinitiative.com/advisories/ZDI-24-584/

x_research-advisory

https://kb.netgear.com/000065928/Security-Advisory-for-Mu...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Dec 20, 2023