CVE-2023-48725

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
8.8HIGH
EPSS
31.0%
top 3.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Netgear Rax30Netgear Rax30 Firmware
Timeline
PublishedMar 7

Description

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5netgear/rax301.0.11.96, 1.0.7.78+1
NVDnetgear/rax30_firmware1.0.11.96, 1.0.7.78+1

🔴Vulnerability Details

2
GHSA
GHSA-jf3p-h292-vfq5: A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 12024-03-07
CVEList
CVE-2023-48725: A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 12024-03-07
CVE-2023-48725 (HIGH CVSS 8.8) | A stack-based buffer overflow vulne | cvebase.io