CVE-2023-1327

Severity: 9.8 CRITICAL
EPSS: 1.5% (top 18.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 14
Latest update: Mar 15

Description

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: netgear_rax30_(ax2400), all versions prior to version 1.0.6.74
NVD: netgear/rax30_firmware < 1.0.6.74

🔴 Vulnerability Details (2)

GHSA | GHSA-pvxx-rv48-qw5m: Netgear RAX30 (AX2400), prior to version 1 | 2023-03-15
CVEList | CVE-2023-1327: Netgear RAX30 (AX2400), prior to version 1 | 2023-03-14
CVE-2023-1327 (CRITICAL CVSS 9.8) | Netgear RAX30 (AX2400) | cvebase.io