PT-2024-2040 · NetGear · Netgear Rax29+2

Michael Gentile · Published 2024-03-07 · Updated 2025-03-11 · CVE-2023-48725

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Netgear RAX30 versions 1.0.7.78 through 1.0.11.96
Netgear RAX28 (affected versions not specified)
Netgear RAX29 (affected versions not specified)

Description

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality. This can be triggered by a specially crafted HTTP request, potentially leading to code execution. An attacker can exploit this by making an authenticated HTTP request.

Recommendations

For Netgear RAX30 versions 1.0.7.78 through 1.0.11.96, consider disabling the getblockschedule() function until a patch is available. For Netgear RAX28 and RAX29, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the JSON Parsing functionality to minimize the risk of exploitation.

Exploit

Memory Corruption

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-01918
CVE-2023-48725

Affected Products

Netgear Rax28
Netgear Rax29
Netgear Rax30