NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability. The specific flaw exists within the soap_serverd binary. When parsing the request headers, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19840.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-05-03T01:56:18.923Z

Updated: 2024-08-02T12:09:43.407Z

Reserved: 2023-02-28T17:58:45.486Z

Link: CVE-2023-27369

cve-icon Vulnrichment

Updated: 2024-05-16T17:37:30.710Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-03T02:15:15.587

Modified: 2024-11-21T07:52:46.223

Link: CVE-2023-27369

cve-icon Redhat

No data.