Netgear: Security Vulnerabilities
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing execution of files from untrusted sources. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19398.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-05-03
NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of JSON data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19355.
CVSS Score
6.8
EPSS Score
0.018
Published
2024-05-03
NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the logCtrl action. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19825.
CVSS Score
6.8
EPSS Score
0.004
Published
2024-05-03
NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of SOAP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise. Was ZDI-CAN-19608.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-05-03
NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of specific SOAP requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the service account. Was ZDI-CAN-19754.
CVSS Score
8.8
EPSS Score
0.007
Published
2024-05-03
A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-262126 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
2.7
EPSS Score
0.001
Published
2024-04-26
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.
CVSS Score
9.8
EPSS Score
0.903
Published
2024-04-03
An information leak in currentsetting.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS Score
7.5
EPSS Score
0.286
Published
2024-04-03
An information leak in debuginfo.htm of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS Score
5.3
EPSS Score
0.174
Published
2024-04-03
An information leak in the BRS_top.html component of Netgear R6850 v1.1.0.88 allows attackers to obtain sensitive information without any authentication required.
CVSS Score
7.5
EPSS Score
0.22
Published
2024-04-03