CVE-2023-48725 - Vulnerability Details - OpenCVE

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.30515.

Key SSVC decision points have not yet been added.

Vendors	Products
Netgear	Rax30 Rax30 Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:netgear:rax30_firmware:1.0.7.78:::::::*
	cpe:2.3:o:netgear:rax30_firmware:1.0.11.96:::::::*

cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887

History

Tue, 11 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netgear Netgear rax30 Netgear rax30 Firmware
Weaknesses		CWE-787
CPEs		cpe:2.3:h:netgear:rax30:-:::::::* cpe:2.3:o:netgear:rax30_firmware:1.0.11.96:::::::* cpe:2.3:o:netgear:rax30_firmware:1.0.7.78:::::::*
Vendors & Products		Netgear Netgear rax30 Netgear rax30 Firmware

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-03-07T14:59:08.682Z

Updated: 2024-08-05T15:56:49.293Z

Reserved: 2023-12-01T22:00:57.981Z

Link: CVE-2023-48725

Vulnrichment

Updated: 2024-08-02T21:37:54.638Z

NVD

Status : Analyzed

Published: 2024-03-07T15:15:07.733

Modified: 2025-03-11T16:56:47.143

Link: CVE-2023-48725

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-48725", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-12-01T22:00:57.981Z", "datePublished": "2024-03-07T14:59:08.682Z", "dateUpdated": "2024-08-05T15:56:49.293Z"}, "containers": {"cna": {"affected": [{"vendor": "Netgear", "product": "RAX30", "versions": [{"version": "1.0.11.96", "status": "affected"}, {"version": "1.0.7.78", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE", "cweId": "CWE-121"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-03-07T18:00:06.823Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}, {"url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160"}], "credits": [{"lang": "en", "value": "Discovered by Michael Gentile of Cisco Talos"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:37:54.638Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "tags": ["x_transferred"]}, {"url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "netgear", "product": "rax30_firmware", "cpes": ["cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.11.96", "status": "affected"}, {"version": "1.0.7.78", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-12T04:00:37.669899Z", "id": "CVE-2023-48725", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T15:56:49.293Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "tags": ["x_transferred"]}, {"url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:37:54.638Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-48725", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-12T04:00:37.669899Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:netgear:rax30_firmware:*:*:*:*:*:*:*:*"], "vendor": "netgear", "product": "rax30_firmware", "versions": [{"status": "affected", "version": "1.0.11.96"}, {"status": "affected", "version": "1.0.7.78"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T15:56:42.746Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Michael Gentile of Cisco Talos"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Netgear", "product": "RAX30", "versions": [{"status": "affected", "version": "1.0.11.96"}, {"status": "affected", "version": "1.0.7.78"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}, {"url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160", "name": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160"}], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-03-07T18:00:06.823Z"}}}, "cveMetadata": {"cveId": "CVE-2023-48725", "state": "PUBLISHED", "dateUpdated": "2024-08-05T15:56:49.293Z", "dateReserved": "2023-12-01T22:00:57.981Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-03-07T14:59:08.682Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:rax30_firmware:1.0.7.78:*:*:*:*:*:*:*", "matchCriteriaId": "35241D58-4702-4740-A97B-DB45F6247D0E", "vulnerable": true}, {"criteria": "cpe:2.3:o:netgear:rax30_firmware:1.0.11.96:*:*:*:*:*:*:*", "matchCriteriaId": "5D6603C7-5166-4D62-AF8B-01FA9BE2730B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:rax30:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBC92B49-60E0-4554-BE7F-D2B5D6EF6454", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad getblockschedule() de JSON Parsing de Netgear RAX30 1.0.11.96 y 1.0.7.78. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de c\u00f3digo. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-48725", "lastModified": "2025-03-11T16:56:47.143", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-07T15:15:07.733", "references": [{"source": "talos-cna@cisco.com", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.netgear.com/000066037/Security-Advisory-for-Post-Authentication-Stack-Overflow-on-the-RAX30-PSV-2023-0160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1887"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}