How severe is CVE-2023-34283?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2023-34283?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2023-34283 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498.

Related Vulnerabilities

CVE-2022-24372

MEDIUM

CVSS:4.6(Medium)

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.

CWE-592022

CVE-2020-3223

MEDIUM

CVSS:4.5(Medium)

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to read arbitrary files on the underlying...

CWE-592020

CVE-2005-1111

MEDIUM

CVSS:4.7(Medium)

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpi...

CWE-592005

CVE-2010-3095

MEDIUM

CVSS:4.7(Medium)

mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5...

CWE-592010

CVE-2011-1136

MEDIUM

CVSS:4.7(Medium)

In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.

CWE-592011

CVE-2018-14329

MEDIUM

CVSS:4.7(Medium)

In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

CWE-592018