Details of VAR-202306-0577

ID

VAR-202306-0577

CVE

CVE-2023-34283

TITLE

of netgear RAX30 Link interpretation vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-027732

DESCRIPTION

NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability. This vulnerability allows physically present attackers to disclose sensitive information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of symbolic links on removable USB media. By creating a symbolic link, an attacker can abuse the router's web server to access arbitrary local files. An attacker can leverage this vulnerability to disclose information in the context of root. Was ZDI-CAN-19498. NETGEAR RAX30 is a WiFi 6 router launched by NETGEAR. It supports dual bands (2.4GHz and 5GHz), has a maximum transmission rate of 2400Mbps, uses three external antennas, is equipped with a 1.5GHz triple-core processor, and can connect 20 devices at the same time

Trust: 2.79

sources: NVD: CVE-2023-34283 // JVNDB: JVNDB-2023-027732 // ZDI: ZDI-23-837 // CNVD: CNVD-2025-16598

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16598

AFFECTED PRODUCTS

vendor:	netgear	model:	rax30	scope:	-	version:	-	Trust: 1.3
vendor:	netgear	model:	rax30	scope:	lt	version:	1.0.10.94	Trust: 1.0
vendor:	ネットギア	model:	rax30	scope:	eq	version:	rax30 firmware 1.0.10.94	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	-	version:	-	Trust: 0.8

sources: ZDI: ZDI-23-837 // CNVD: CNVD-2025-16598 // JVNDB: JVNDB-2023-027732 // NVD: CVE-2023-34283

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-34283
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2023-34283
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-34283
value:	MEDIUM
Trust: 0.8
ZDI:	CVE-2023-34283
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2025-16598
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-16598
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-34283
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2023-34283
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0
ZDI:	CVE-2023-34283
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-837 // CNVD: CNVD-2025-16598 // JVNDB: JVNDB-2023-027732 // NVD: CVE-2023-34283 // NVD: CVE-2023-34283

PROBLEMTYPE DATA

problemtype:	CWE-59	Trust: 1.0
problemtype:	Link interpretation problem (CWE-59) [NVD evaluation ]	Trust: 0.8
problemtype:	Link interpretation problem (CWE-59) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-027732 // NVD: CVE-2023-34283

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000065650/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0003-PSV-2023-0004?article=000065650	Trust: 0.7
title:	Patch for NETGEAR RAX30 Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/710966	Trust: 0.6

sources: ZDI: ZDI-23-837 // CNVD: CNVD-2025-16598

EXTERNAL IDS

db:	NVD	id:	CVE-2023-34283	Trust: 3.9
db:	ZDI	id:	ZDI-23-837	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-027732	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-19498	Trust: 0.7
db:	CNVD	id:	CNVD-2025-16598	Trust: 0.6

sources: ZDI: ZDI-23-837 // CNVD: CNVD-2025-16598 // JVNDB: JVNDB-2023-027732 // NVD: CVE-2023-34283

REFERENCES

url:	https://kb.netgear.com/000065650/security-advisory-for-multiple-vulnerabilities-on-the-rax30-psv-2023-0003-psv-2023-0004?article=000065650	Trust: 2.5
url:	https://www.zerodayinitiative.com/advisories/zdi-23-837/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-34283	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-34283	Trust: 0.6

sources: ZDI: ZDI-23-837 // CNVD: CNVD-2025-16598 // JVNDB: JVNDB-2023-027732 // NVD: CVE-2023-34283

CREDITS

Dmitry "InfoSecDJ" Janushkevich of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-23-837

SOURCES

db:	ZDI	id:	ZDI-23-837
db:	CNVD	id:	CNVD-2025-16598
db:	JVNDB	id:	JVNDB-2023-027732
db:	NVD	id:	CVE-2023-34283

LAST UPDATE DATE

2025-07-23T23:10:42.400000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-837	date:	2023-06-08T00:00:00
db:	CNVD	id:	CNVD-2025-16598	date:	2025-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2023-027732	date:	2025-01-06T09:04:00
db:	NVD	id:	CVE-2023-34283	date:	2025-01-03T17:03:08.457

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-837	date:	2023-06-08T00:00:00
db:	CNVD	id:	CNVD-2025-16598	date:	2025-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2023-027732	date:	2025-01-06T00:00:00
db:	NVD	id:	CVE-2023-34283	date:	2024-05-03T02:15:27.813