CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51634 – NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51634
NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139 https://www.zerodayinitiative.com/advisories/ZDI-24-583 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51635 – NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51635
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. • https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139 https://www.zerodayinitiative.com/advisories/ZDI-24-584 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-48725
https://notcve.org/view.php?id=CVE-2023-48725
A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en la funcionalidad getblockschedule() de JSON Parsing de Netgear RAX30 1.0.11.96 y 1.0.7.78. Una solicitud HTTP especialmente manipulada puede provocar la ejecución de código. • https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887 • CWE-121: Stack-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28337
https://notcve.org/view.php?id=CVE-2023-28337
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. • https://drupal9.tenable.com/security/research/tra-2023-12 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28338
https://notcve.org/view.php?id=CVE-2023-28338
Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted. • https://drupal9.tenable.com/security/research/tra-2023-12 • CWE-770: Allocation of Resources Without Limits or Throttling •