Details of VAR-202308-3024

ID

VAR-202308-3024

CVE

CVE-2023-40478

TITLE

of netgear RAX30 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-027736

DESCRIPTION

NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009. of netgear RAX30 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX30 is a dual-band wireless router from NETGEAR

Trust: 2.79

sources: NVD: CVE-2023-40478 // JVNDB: JVNDB-2023-027736 // ZDI: ZDI-23-1163 // CNVD: CNVD-2024-33904

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-33904

AFFECTED PRODUCTS

vendor:	netgear	model:	rax30	scope:	-	version:	-	Trust: 1.3
vendor:	netgear	model:	rax30	scope:	lt	version:	1.0.10.94	Trust: 1.0
vendor:	ネットギア	model:	rax30	scope:	eq	version:	rax30 firmware 1.0.10.94	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	-	version:	-	Trust: 0.8

sources: ZDI: ZDI-23-1163 // CNVD: CNVD-2024-33904 // JVNDB: JVNDB-2023-027736 // NVD: CVE-2023-40478

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-40478
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2023-40478
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-40478
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2023-40478
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2024-33904
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-33904
severity:	HIGH
baseScore:	7.7
vectorString:	AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	5.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-40478
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.0
Trust: 1.0
nvd@nist.gov:	CVE-2023-40478
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-40478
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2023-40478
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-1163 // CNVD: CNVD-2024-33904 // JVNDB: JVNDB-2023-027736 // NVD: CVE-2023-40478 // NVD: CVE-2023-40478

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-027736 // NVD: CVE-2023-40478

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000065649/Security-Advisory-for-Post-authentication-Buffer-Overflow-on-the-RAX30-PSV-2023-0002	Trust: 0.7
title:	Patch for NETGEAR RAX30 Stack Buffer Overflow Vulnerability (CNVD-2024-33904)	url:	https://www.cnvd.org.cn/patchInfo/show/574136	Trust: 0.6

sources: ZDI: ZDI-23-1163 // CNVD: CNVD-2024-33904

EXTERNAL IDS

db:	NVD	id:	CVE-2023-40478	Trust: 3.9
db:	ZDI	id:	ZDI-23-1163	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-027736	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-20009	Trust: 0.7
db:	CNVD	id:	CNVD-2024-33904	Trust: 0.6

sources: ZDI: ZDI-23-1163 // CNVD: CNVD-2024-33904 // JVNDB: JVNDB-2023-027736 // NVD: CVE-2023-40478

REFERENCES

url:	https://kb.netgear.com/000065649/security-advisory-for-post-authentication-buffer-overflow-on-the-rax30-psv-2023-0002	Trust: 2.5
url:	https://www.zerodayinitiative.com/advisories/zdi-23-1163/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-40478	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-40478	Trust: 0.6

sources: ZDI: ZDI-23-1163 // CNVD: CNVD-2024-33904 // JVNDB: JVNDB-2023-027736 // NVD: CVE-2023-40478

CREDITS

Dmitry "InfoSecDJ" Janushkevich of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-23-1163

SOURCES

db:	ZDI	id:	ZDI-23-1163
db:	CNVD	id:	CNVD-2024-33904
db:	JVNDB	id:	JVNDB-2023-027736
db:	NVD	id:	CVE-2023-40478

LAST UPDATE DATE

2025-01-08T22:53:48.945000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-1163	date:	2023-08-22T00:00:00
db:	CNVD	id:	CNVD-2024-33904	date:	2024-07-30T00:00:00
db:	JVNDB	id:	JVNDB-2023-027736	date:	2025-01-06T09:07:00
db:	NVD	id:	CVE-2023-40478	date:	2025-01-03T16:34:16.067

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-1163	date:	2023-08-22T00:00:00
db:	CNVD	id:	CNVD-2024-33904	date:	2024-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2023-027736	date:	2025-01-06T00:00:00
db:	NVD	id:	CVE-2023-40478	date:	2024-05-03T03:15:20.650