Details of VAR-202303-0935

ID

VAR-202303-0935

CVE

CVE-2023-1327

TITLE

of netgear RAX30 Authentication vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-005408

DESCRIPTION

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password. of netgear RAX30 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. NETGEAR RAX30 (AX2400) is a wireless router that supports WiFi 6 technology and provides a wireless transmission speed of up to 2.4Gbps, which is suitable for high-bandwidth demand scenarios such as 4K streaming and gaming

Trust: 2.25

sources: NVD: CVE-2023-1327 // JVNDB: JVNDB-2023-005408 // CNVD: CNVD-2025-16680 // VULMON: CVE-2023-1327

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16680

AFFECTED PRODUCTS

vendor:	netgear	model:	rax30	scope:	lt	version:	1.0.6.74	Trust: 1.6
vendor:	ネットギア	model:	rax30	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	eq	version:	rax30 firmware 1.0.6.74	Trust: 0.8

sources: CNVD: CNVD-2025-16680 // JVNDB: JVNDB-2023-005408 // NVD: CVE-2023-1327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-1327
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-1327
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2025-16680
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202303-1097
value:	CRITICAL
Trust: 0.6

CNVD:	CNVD-2025-16680
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2023-1327
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-1327
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-16680 // JVNDB: JVNDB-2023-005408 // CNNVD: CNNVD-202303-1097 // NVD: CVE-2023-1327

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-005408 // NVD: CVE-2023-1327

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202303-1097

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202303-1097

PATCH

title:	Patch for NETGEAR RAX30 (AX2400) Authentication Bypass Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/711326	Trust: 0.6
title:	NETGEAR RAX30 Remediation measures for authorization problem vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=229739	Trust: 0.6

sources: CNVD: CNVD-2025-16680 // CNNVD: CNNVD-202303-1097

EXTERNAL IDS

db:	NVD	id:	CVE-2023-1327	Trust: 3.9
db:	TENABLE	id:	TRA-2023-10	Trust: 1.7
db:	JVNDB	id:	JVNDB-2023-005408	Trust: 0.8
db:	CNVD	id:	CNVD-2025-16680	Trust: 0.6
db:	CNNVD	id:	CNNVD-202303-1097	Trust: 0.6
db:	VULMON	id:	CVE-2023-1327	Trust: 0.1

sources: CNVD: CNVD-2025-16680 // VULMON: CVE-2023-1327 // JVNDB: JVNDB-2023-005408 // CNNVD: CNNVD-202303-1097 // NVD: CVE-2023-1327

REFERENCES

url:	https://github.com/advisories/ghsa-pvxx-rv48-qw5m	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2023-1327	Trust: 2.0
url:	https://drupal9.tenable.com/security/research/tra-2023-10	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2023-1327/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2025-16680 // VULMON: CVE-2023-1327 // JVNDB: JVNDB-2023-005408 // CNNVD: CNNVD-202303-1097 // NVD: CVE-2023-1327

SOURCES

db:	CNVD	id:	CNVD-2025-16680
db:	VULMON	id:	CVE-2023-1327
db:	JVNDB	id:	JVNDB-2023-005408
db:	CNNVD	id:	CNNVD-202303-1097
db:	NVD	id:	CVE-2023-1327

LAST UPDATE DATE

2025-07-26T23:23:28.728000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-16680	date:	2025-07-23T00:00:00
db:	VULMON	id:	CVE-2023-1327	date:	2023-03-15T00:00:00
db:	JVNDB	id:	JVNDB-2023-005408	date:	2023-11-08T03:19:00
db:	CNNVD	id:	CNNVD-202303-1097	date:	2023-03-22T00:00:00
db:	NVD	id:	CVE-2023-1327	date:	2023-03-21T17:59:23.193

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-16680	date:	2025-07-23T00:00:00
db:	VULMON	id:	CVE-2023-1327	date:	2023-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2023-005408	date:	2023-11-08T00:00:00
db:	CNNVD	id:	CNNVD-202303-1097	date:	2023-03-14T00:00:00
db:	NVD	id:	CVE-2023-1327	date:	2023-03-14T22:15:10.367