Netgear · Netgear RAX29 · CVE-2023-48725
**Name of the Vulnerable Software and Affected Versions**
Netgear RAX30 versions 1.0.7.78 through 1.0.11.96
Netgear RAX28 (affected versions not specified)
Netgear RAX29 (affected versions not specified)
**Description**
A stack-based buffer overflow exists in the JSON parsing of the `getblockschedule()` functionality. A specially crafted HTTP request can trigger it, potentially leading to code execution. The attacker must be authenticated to make the request.
**Recommendations**
For Netgear RAX30 versions 1.0.7.78 through 1.0.11.96, consider disabling the `getblockschedule()` function until a patch is available.
For Netgear RAX28 and RAX29, no newer version containing a fix for this vulnerability is currently known.
As a temporary workaround, restrict access to the JSON parsing functionality to minimize the risk of exploitation.
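To triage a device inventory against the affected versions listed above, the following added example (not part of the original advisory or any Netgear tooling) compares firmware versions numerically. It assumes firmware strings begin with a four-part dotted version, optionally prefixed with `V`; the host names, firmware strings and the `EXAMPLE-1` model in the sample inventory are constructed.

```python
import re

# Affected data taken from this advisory. None means the advisory
# does not specify a version range for that model.
AFFECTED = {
    "RAX30": ((1, 0, 7, 78), (1, 0, 11, 96)),
    "RAX28": None,
    "RAX29": None,
}

# Assumption: firmware strings start with a four-part dotted version.
_VERSION_RE = re.compile(r"^[Vv]?(\d+(?:\.\d+){3})")


def parse_version(text):
    """Return the leading dotted version as a tuple of ints, or None."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def triage(model, firmware):
    """Classify a device: affected, outside_listed_range, unknown, not_listed."""
    key = model.strip().upper()
    if key not in AFFECTED:
        return "not_listed"
    bounds = AFFECTED[key]
    version = parse_version(firmware)
    if bounds is None or version is None:
        return "unknown"  # no range given, or version unreadable: review by hand
    low, high = bounds
    # Tuple comparison is numeric per component. A plain string comparison
    # would sort "1.0.9.92" after "1.0.11.96" and miss an affected device.
    return "affected" if low <= version <= high else "outside_listed_range"


# Constructed sample inventory (hypothetical hosts and firmware strings).
INVENTORY = [
    ("gw-lab-1", "RAX30", "V1.0.9.92"),
    ("gw-lab-2", "RAX30", "1.0.12.2"),
    ("gw-lab-3", "rax29", "V1.0.10.94"),
    ("gw-lab-4", "RAX30", "1.0.7.78"),
    ("gw-lab-5", "EXAMPLE-1", "1.0.2.82"),
]


def report(inventory):
    """Map each host name to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}
```

Devices reported as `unknown` are RAX28/RAX29 units or entries with an unreadable version, and need manual review because the advisory gives no version range for those models.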