Lucene search

TenableCVE-2023-1327

HistoryMar 14, 2023 - 10:15 p.m.

CVE-2023-1327

2023-03-1422:15:10

CWE-287

tenable

web.nvd.nist.gov

netgear

rax30

ax2400

authentication bypass

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device’s web management interface by resetting the admin password.

Affected configurations

Nvd

Node

netgearrax30Match-

AND

netgearrax30_firmwareRange<1.0.6.74

VendorProductVersionCPE
netgearrax30-cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*
netgearrax30_firmware*cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgear	rax30	-	cpe:2.3:h:netgear:rax30:-:::::::*
netgear	rax30_firmware	*	cpe:2.3:o:netgear:rax30_firmware::::::::

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Netgear RAX30 (AX2400)",
    "versions": [
      {
        "version": "All versions prior to version 1.0.6.74",
        "status": "affected"
      }
    ]
  }
]

References

drupal9.tenable.com/security/research/tra-2023-10

github.com/advisories/GHSA-pvxx-rv48-qw5m

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.002

Percentile

57.7%

JSON

Related for CVE-2023-1327