all InfoSec news
Authentication Bypass in Netgear RAX30 (AX2400) < 1.0.6.74
Tenable Research Advisories www.tenable.com
A researcher at Tenable discovered a previously undisclosed Authentication Bypass issue in the Netgear RAX30 (AX2400) router version 1.0.5.70. Tenable determined that the issue had been fixed in firmware version 1.0.6.74, but that it had not been explicitly acknowledged in the release notes for that firmware.
The vulnerability exists as the password reset form /pwd_reset/pwd_reset_passwordReset.html, and POST requests to /pwd_reset/reset_pwd.cgi did not require any form of authentication to reset the admin …
authentication authentication bypass bypass firmware issue netgear release release notes researcher router tenable version version 1