How severe is CVE-2023-40478?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2023-40478?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2023-40478 - HIGH Severity | CVSS 8

Vulnerability Description

NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009.

Related Vulnerabilities

CVE-2021-22673

HIGH

CVSS:8.0(High)

The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firmware updates from the CDN server, which may allow an attacker to remotely execute code on the Simple...

CWE-1212021

CVE-2021-27246

HIGH

CVSS:8.0(High)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vuln...

CWE-1212021

CVE-2021-44158

HIGH

CVSS:8.0(High)

ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflow due to improper validation for httpd parameter length. An authenticated local area network attacker can launch arbitrary code ex...

CWE-1212021

CVE-2022-20703

HIGH

CVSS:8.0(High)

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arb...

CWE-1212022

CVE-2022-20708

HIGH

CVSS:8.0(High)

CWE-1212022

CVE-2022-27646

HIGH

CVSS:8.0(High)

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit th...

CWE-1212022