Netgear: >> Rax30 Firmware Security Vulnerabilities
The default console presented to users over telnet (when enabled) is restricted to a subset of commands. Commands issued at this console, however, appear to be fed directly into a system call or other similar function. This allows any authenticated user to execute arbitrary commands on the device.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-12-16
A support user exists on the device and appears to be a backdoor for Technical Support staff. The default password for this account is “support” and cannot be changed by a user via any normally accessible means.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-12-16
Page 4