CVE-2023-1327

Published: Mar 14, 2023Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.

Affected (1)

Products: Netgear: Rax30 Firmware

Netgear

1 product

Rax30 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax30 Firmware	Before 1.0.6.74

Running on/with	Platform Versions
Netgear Rax30	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (3)

https://drupal9.tenable.com/security/research/tra-2023-10

Source: vulnreport@tenable.com

Permissions Required

https://github.com/advisories/GHSA-pvxx-rv48-qw5m

Source: nvd@nist.gov

Third Party Advisory

https://drupal9.tenable.com/security/research/tra-2023-10

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.