CVE-2023-27370

CVSS v3 Score: 5.7 (Medium)

Vulnerability Description

NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of device configuration. The issue results from the storage of configuration secrets in plaintext. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-19841.

CVSS: 5.5 (Medium)

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Alwa...

CVSS: 5.5 (Medium)

Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.

CVSS: 5.5 (Medium)

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive info...

CVSS: 5.5 (Medium)

Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.

CVSS: 5.5 (Medium)

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key us...