NETGEAR RAX30 lighttpd RCE via Misconfiguration
CVE-2023-27360 Published on May 3, 2024
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability
NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the configuration of the lighttpd HTTP server. The issue results from allowing execution of files from untrusted sources. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19398.
Weakness Type
Insufficient Verification of Data Authenticity
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Products Associated with CVE-2023-27360
Want to know whenever a new CVE is published for Netgear Rax30 Firmware? stack.watch will email you.
Affected Versions
NETGEAR RAX30:- Version 1.0.6.74_1 is affected.
- Before 1.0.10.94 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.