CVE-2023-34284Hard-coded Credentials in Netgear Rax30 Firmware

CWE-798Hard-coded Credentials3 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.0%
top 91.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgear Rax30 FirmwareNetgear Rax30
Timeline
PublishedMay 3

Description

NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the system configuration. The system contains a hardcoded user account which can be used to access the CLI service as a low-privileged user. An attacker can leverage this vulnerability to bypass

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

NVDnetgear/rax30_firmware< 1.0.10.94
CVEListV5netgear/rax301.0.9.92_1

🔴Vulnerability Details

2
GHSA
GHSA-fj2f-9p45-mvjp: NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability2024-05-03
CVEList
NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability2024-05-03
CVE-2023-34284 — Hard-coded Credentials in Netgear | cvebase