ID

VAR-202306-0613


CVE

CVE-2023-34284


TITLE

NETGEAR RAX30 firmware vulnerability related to use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2023-027748

DESCRIPTION

NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the system configuration. The system contains a hardcoded user account which can be used to access the CLI service as a low-privileged user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19660. A vulnerability exists in NETGEAR RAX30 firmware regarding the use of hard-coded credentials. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR RAX30 is a dual-band wireless router from NETGEAR. No detailed vulnerability information is available.

Trust: 2.88

sources: NVD: CVE-2023-34284 // JVNDB: JVNDB-2023-027748 // ZDI: ZDI-23-838 // CNVD: CNVD-2025-11172 // VULMON: CVE-2023-34284

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-11172

AFFECTED PRODUCTS

vendor: netgear, model: rax30, scope: -, version: -

Trust: 1.3

vendor: netgear, model: rax30, scope: lt, version: 1.0.10.94

Trust: 1.0

vendor: ネットギア, model: rax30, scope: eq, version: rax30 firmware 1.0.10.94

Trust: 0.8

vendor: ネットギア, model: rax30, scope: eq, version: -

Trust: 0.8

vendor: ネットギア, model: rax30, scope: -, version: -

Trust: 0.8

sources: ZDI: ZDI-23-838 // CNVD: CNVD-2025-11172 // JVNDB: JVNDB-2023-027748 // NVD: CVE-2023-34284

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com: CVE-2023-34284
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2023-34284
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-34284
value: MEDIUM

Trust: 0.8

ZDI: CVE-2023-34284
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2025-11172
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2025-11172
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

zdi-disclosures@trendmicro.com: CVE-2023-34284
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2023-34284
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

ZDI: CVE-2023-34284
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-23-838 // CNVD: CNVD-2025-11172 // JVNDB: JVNDB-2023-027748 // NVD: CVE-2023-34284 // NVD: CVE-2023-34284

PROBLEMTYPE DATA

problemtype: CWE-798

Trust: 1.0

problemtype: Use hard-coded credentials (CWE-798) [others]

Trust: 0.8

problemtype: Use hard-coded credentials (CWE-798) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-027748 // NVD: CVE-2023-34284

PATCH

title: NETGEAR has issued an update to correct this vulnerability.
url: https://kb.netgear.com/000065650/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0003-PSV-2023-0004?article=000065650

Trust: 0.7

title: Patch for NETGEAR RAX30 Authentication Bypass Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/692181

Trust: 0.6

sources: ZDI: ZDI-23-838 // CNVD: CNVD-2025-11172

EXTERNAL IDS

db: NVD, id: CVE-2023-34284

Trust: 4.0

db: ZDI, id: ZDI-23-838

Trust: 2.6

db: JVNDB, id: JVNDB-2023-027748

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-19660

Trust: 0.7

db: CNVD, id: CNVD-2025-11172

Trust: 0.6

db: VULMON, id: CVE-2023-34284

Trust: 0.1

sources: ZDI: ZDI-23-838 // CNVD: CNVD-2025-11172 // VULMON: CVE-2023-34284 // JVNDB: JVNDB-2023-027748 // NVD: CVE-2023-34284

REFERENCES

url: https://kb.netgear.com/000065650/security-advisory-for-multiple-vulnerabilities-on-the-rax30-psv-2023-0003-psv-2023-0004?article=000065650

Trust: 2.5

url: https://www.zerodayinitiative.com/advisories/zdi-23-838/

Trust: 1.9

url: https://nvd.nist.gov/vuln/detail/cve-2023-34284

Trust: 0.8

url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2023-34284

Trust: 0.6

sources: ZDI: ZDI-23-838 // CNVD: CNVD-2025-11172 // VULMON: CVE-2023-34284 // JVNDB: JVNDB-2023-027748 // NVD: CVE-2023-34284

CREDITS

Dmitry "InfoSecDJ" Janushkevich of Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-23-838

SOURCES

db: ZDI, id: ZDI-23-838
db: CNVD, id: CNVD-2025-11172
db: VULMON, id: CVE-2023-34284
db: JVNDB, id: JVNDB-2023-027748
db: NVD, id: CVE-2023-34284

LAST UPDATE DATE

2025-06-01T22:53:40.457000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-23-838, date: 2023-06-08T00:00:00
db: CNVD, id: CNVD-2025-11172, date: 2025-05-30T00:00:00
db: JVNDB, id: JVNDB-2023-027748, date: 2025-01-07T05:36:00
db: NVD, id: CVE-2023-34284, date: 2025-01-03T17:03:38.247

SOURCES RELEASE DATE

db: ZDI, id: ZDI-23-838, date: 2023-06-08T00:00:00
db: CNVD, id: CNVD-2025-11172, date: 2025-05-27T00:00:00
db: JVNDB, id: JVNDB-2023-027748, date: 2025-01-07T00:00:00
db: NVD, id: CVE-2023-34284, date: 2024-05-03T02:15:27.993