CVE-2023-51634

CVSS 3.0 Score 7.5 of 10 (high)

Details

Published Nov 22, 2024
CWE ID 295

Summary

CVE-2023-51634 is a remote code execution vulnerability affecting NETGEAR RAX30 routers. Critically, this issue permits network-adjacent attackers to compromise the security of downloaded information without requiring authentication. The root cause of this vulnerability lies in the improper certificate validation during HTTPS file downloads. Malicious actors can exploit this flaw in conjunction with other vulnerabilities to execute arbitrary code with root privileges. This vulnerability was identified as ZDI-CAN-19589.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share