CVE-2023-48725 - Vulnerability Details - OpenCVE

ReportizFlow

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Netgear	Rax30 Rax30 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:netgear:rax30_firmware:1.0.7.78:::::::*
	cpe:2.3:o:netgear:rax30_firmware:1.0.11.96:::::::*

cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1887

History

Tue, 04 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1887

Tue, 04 Nov 2025 19:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:netgear:rax30_firmware::::::::
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 11 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netgear Netgear rax30 Netgear rax30 Firmware
Weaknesses		CWE-787
CPEs		cpe:2.3:h:netgear:rax30:-:::::::* cpe:2.3:o:netgear:rax30_firmware:1.0.11.96:::::::* cpe:2.3:o:netgear:rax30_firmware:1.0.7.78:::::::*
Vendors & Products		Netgear Netgear rax30 Netgear rax30 Firmware

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-03-07T14:59:08.682Z

Updated: 2025-11-04T18:19:17.154Z

Reserved: 2023-12-01T22:00:57.981Z

Link: CVE-2023-48725

Vulnrichment

Updated: 2025-11-04T18:19:17.154Z

NVD

Status : Modified

Published: 2024-03-07T15:15:07.733

Modified: 2025-11-04T19:16:07.370

Link: CVE-2023-48725

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-48725", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-12-01T22:00:57.981Z", "datePublished": "2024-03-07T14:59:08.682Z", "dateUpdated": "2025-11-04T18:19:17.154Z"}, "containers": {"cna": {"affected": [{"vendor": "Netgear", "product": "RAX30", "versions": [{"version": "1.0.11.96", "status": "affected"}, {"version": "1.0.7.78", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE", "cweId": "CWE-121"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-03-07T18:00:06.823Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}, {"url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160"}], "credits": [{"lang": "en", "value": "Discovered by Michael Gentile of Cisco Talos"}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "tags": ["x_transferred"]}, {"url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:19:17.154Z"}}, {"affected": [{"vendor": "netgear", "product": "rax30_firmware", "cpes": ["cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.11.96", "status": "affected"}, {"version": "1.0.7.78", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-12T04:00:37.669899Z", "id": "CVE-2023-48725", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T15:56:49.293Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "tags": ["x_transferred"]}, {"url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "tags": ["x_transferred"]}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:19:17.154Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-48725", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-12T04:00:37.669899Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*"], "vendor": "netgear", "product": "rax30_firmware", "versions": [{"status": "affected", "version": "1.0.11.96"}, {"status": "affected", "version": "1.0.7.78"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T15:56:42.746Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Michael Gentile of Cisco Talos"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Netgear", "product": "RAX30", "versions": [{"status": "affected", "version": "1.0.11.96"}, {"status": "affected", "version": "1.0.7.78"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}, {"url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160"}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-03-07T18:00:06.823Z"}}}, "cveMetadata": {"cveId": "CVE-2023-48725", "state": "PUBLISHED", "dateUpdated": "2025-11-04T18:19:17.154Z", "dateReserved": "2023-12-01T22:00:57.981Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-03-07T14:59:08.682Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax30_firmware:1.0.7.78:*:*:*:*:*:*:*", "matchCriteriaId": "35241D58-4702-4740-A97B-DB45F6247D0E", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:rax30_firmware:1.0.11.96:*:*:*:*:*:*:*", "matchCriteriaId": "5D6603C7-5166-4D62-AF8B-01FA9BE2730B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBC92B49-60E0-4554-BE7F-D2B5D6EF6454", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad getblockschedule() de JSON Parsing de Netgear RAX30 1.0.11.96 y 1.0.7.78. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-48725", "lastModified": "2025-11-04T19:16:07.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-03-07T15:15:07.733", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "[email protected]", "type": "Primary"}]}