NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589.
History
Thu, 05 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Netgear, Netgear rax30 Firmware | |
CPEs | cpe:2.3:o:netgear:rax30_firmware:1.0.7.78:*:*:*:*:*:*:* | |
Vendors & Products | Netgear, Netgear rax30 Firmware | |
Metrics | ssvc | |
Fri, 22 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589. | |
Title | NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability | |
Weaknesses | CWE-295 | |
References | | |
Metrics | cvssV3_0 | |
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2024-11-22T20:04:58.330Z
Updated: 2024-12-05T14:49:40.152Z
Reserved: 2023-12-20T21:52:34.963Z
Link: CVE-2023-51634
Vulnrichment
Updated: 2024-12-05T14:49:35.680Z
NVD
Status: Received
Published: 2024-11-22T20:15:06.050
Modified: 2024-11-22T20:15:06.050
Link: CVE-2023-51634
Redhat
No data.