CVE-2023-34283

CWE-593 documents3 sources
Severity
4.6MEDIUM
EPSS
0.3%
top 49.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgear Rax30 FirmwareNetgear Rax30
Timeline
PublishedMay 3

Description

NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

NVDnetgear/rax30_firmware< 1.0.10.94
CVEListV5netgear/rax301.0.9.92_1

🔴Vulnerability Details

2
CVEList
NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability2024-05-03
GHSA
GHSA-fqw4-q36v-3c2h: NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability2024-05-03
CVE-2023-34283 (MEDIUM CVSS 4.6) | NETGEAR RAX30 USB Share Link Follow | cvebase.io