Back

CVE-2023-34284

May 3, 2024, 12:50 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

NETGEAR RAX30 Router

Source

zdi-disclosures@trendmicro.com

Tags

zdi-disclosures@trendmicro.com
CWE-798
2024-05-03
CVE-2023-34284

CVE-2023-34284 details

Published : May 3, 2024, 2:15 a.m.
Last Modified : May 3, 2024, 12:50 p.m.

Description

NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the system configuration. The system contains a hardcoded user account which can be used to access the CLI service as a low-privileged user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19660.

CVSS Score

1 2 3 4 5 6.3 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

6.3

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

URL Source
https://kb.netgear.com/000065650/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0003-PSV-2023-0004?article=000065650 zdi-disclosures@trendmicro.com
https://www.zerodayinitiative.com/advisories/ZDI-23-838/ zdi-disclosures@trendmicro.com
This website uses the NVD API, but is not approved or certified by it.