all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Authentication Bypass in Netgear RAX30 (AX2400) < 1.0.6.74

Add to bookmarks
March 10, 2023, 4:32 p.m. | Evan Grant

Tenable Research Advisories www.tenable.com

Authentication Bypass in Netgear RAX30 (AX2400) < 1.0.6.74

A researcher at Tenable discovered a previously undisclosed Authentication Bypass issue in the Netgear RAX30 (AX2400) router version 1.0.5.70. Tenable determined that the issue had been fixed in firmware version 1.0.6.74, but that it had not been explicitly acknowledged in the release notes for that firmware.


The vulnerability exists as the password reset form /pwd_reset/pwd_reset_passwordReset.html, and POST requests to /pwd_reset/reset_pwd.cgi did not require any form of authentication to reset the admin …

authentication authentication bypass bypass firmware issue netgear release release notes researcher router tenable version version 1

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 2 weeks ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 2 weeks ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 2 weeks, 2 days ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 3 weeks, 6 days ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 2 months ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States
View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States
View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com
View more jobs