ZDI-23-838: NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability

June 8, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability.

attackers authentication authentication bypass bypass bypass vulnerability credentials exploit hard hard-coded credentials netgear network routers vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-454: SolarWinds Access Rights Manager Hard-Coded Credentials Authentication Bypass Vulnerability 1 day, 20 hours ago | www.zerodayinitiative.com

access access rights attackers authentication +18

ZDI-24-456: NI FlexLogger FLXPROJ File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability 1 day, 20 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-455: SolarWinds Access Rights Manager JsonSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability 1 day, 20 hours ago | www.zerodayinitiative.com

access access rights arbitrary code attackers +20

ZDI-24-450: (0Day) D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability 2 days, 20 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +14

ZDI-24-449: (0Day) D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability 2 days, 20 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +14

ZDI-24-448: (0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability 2 days, 20 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +16

ZDI-24-447: (0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability 2 days, 20 hours ago | www.zerodayinitiative.com

0day attackers authentication authentication bypass +12

ZDI-24-446: (0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability 2 days, 20 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +17

ZDI-24-445: (0Day) D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability 2 days, 20 hours ago | www.zerodayinitiative.com

0day attackers authentication cgi +13

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Cyber Incident Manager 3

@ ARSIEM | Pensacola, FL

View on infosec-jobs.com

On-Site Environmental Technician II - Industrial Wastewater Plant Operator and Compliance Inspector

@ AECOM | Billings, MT, United States

View on infosec-jobs.com

Sr Security Analyst

@ Everbridge | Bengaluru

View on infosec-jobs.com

all InfoSec news

ZDI-23-838: NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability

More from www.zerodayinitiative.com / ZDI: Published Advisories

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

Cyber Incident Manager 3

On-Site Environmental Technician II - Industrial Wastewater Plant Operator and Compliance Inspector

Sr Security Analyst