Vulnerability Details CVE-2023-48725
A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.29
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 7.2
References
- https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887
- https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887
Products affected by CVE-2023-48725
-
cpe:2.3:h:netgear:rax30:-
-
cpe:2.3:o:netgear:rax30_firmware:1.0.11.96
-
cpe:2.3:o:netgear:rax30_firmware:1.0.7.78