Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Authentication Bypass in Netgear RAX30 (AX2400) < 1.0.6.74

High

Synopsis

A researcher at Tenable discovered a previously undisclosed Authentication Bypass issue in the Netgear RAX30 (AX2400) router version 1.0.5.70. Tenable determined that the issue had been fixed in firmware version 1.0.6.74, but that it had not been explicitly acknowledged in the release notes for that firmware.

The vulnerability exists as the password reset form /pwd_reset/pwd_reset_passwordReset.html, and POST requests to /pwd_reset/reset_pwd.cgi did not require any form of authentication to reset the admin password.

As of 1.0.6.74, such requests now require the correct input of the router's serial number and answers to two security questions.

Solution

Netgear fixed this issue in firmware version 1.0.6.74, however users should update to the newest available version (1.0.10.94 at the time of publishing)

Disclosure Timeline

27 January 2023 - Tenable contacts Netgear to clarify whether this is the same issue as CVE-2021-29080
3 March 2023 - Netgear confirms that they are not the same issue
6 March 2023 - Tenable informs Netgear that a CVE will be registered

All information within TRA advisories is provided “as is”, without warranty of any kind, including the implied warranties of merchantability and fitness for a particular purpose, and with no guarantee of completeness, accuracy, or timeliness. Individuals and organizations are responsible for assessing the impact of any actual or potential security vulnerability.

Tenable takes product security very seriously. If you believe you have found a vulnerability in one of our products, we ask that you please work with us to quickly resolve it in order to protect customers. Tenable believes in responding quickly to such reports, maintaining communication with researchers, and providing a solution in short order.

For more details on submitting vulnerability information, please see our Vulnerability Reporting Guidelines page.

If you have questions or corrections about this advisory, please email [email protected]

Risk Information

CVE ID: CVE-2023-1327
Tenable Advisory ID: TRA-2023-10
Credit:
Dillon Beresford
CVSSv3 Base / Temporal Score:
8.8/8.2
CVSSv3 Vector:
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
Netgear RAX30 (AX2400) < 1.0.6.74
Risk Factor:
High

Advisory Timeline

10 March 2023 - Advisory Published