CVE-2023-27370

CWE-312Cleartext Storage of Sensitive Info3 documents3 sources
Severity
5.7MEDIUM
EPSS
0.0%
top 95.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgear Rax30 FirmwareNetgear Rax30
Timeline
PublishedMay 3

Description

NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

NVDnetgear/rax30_firmware< 1.0.10.94
CVEListV5netgear/rax301.0.9.90_3

🔴Vulnerability Details

2
CVEList
NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability2024-05-03
GHSA
GHSA-2g83-cg5q-4fmj: NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability2024-05-03