CVE-2023-27370

Name of the Vulnerable Software and Affected Versions NETGEAR RAX30 (affected versions not specified)

Description The issue is related to the storage of critical information in plaintext within the configuration of NETGEAR RAX30 routers. This allows network-adjacent attackers to disclose sensitive information on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can be bypassed. The flaw exists within the handling of device configuration, where configuration secrets are stored in plaintext, enabling an attacker to disclose stored credentials and potentially compromise the system further.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.