Details of VAR-202311-0527

ID

VAR-202311-0527

CVE

CVE-2023-44445

TITLE

of netgear CAX30 Out-of-bounds write vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-029605

DESCRIPTION

NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sso binary. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19058. of netgear CAX30 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The NETGEAR CAX30 is a 6-Stream WiFi 6 router from Netgear's Nighthawk AX6 series. It supports DOCSIS 3.1 technology and provides multi-gigabit internet and wireless speeds, making it suitable for simultaneous use of smart home devices during peak hours

Trust: 2.79

sources: NVD: CVE-2023-44445 // JVNDB: JVNDB-2023-029605 // ZDI: ZDI-23-1636 // CNVD: CNVD-2025-20498

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-20498

AFFECTED PRODUCTS

vendor:	netgear	model:	cax30	scope:	lt	version:	2.2.1.12	Trust: 1.6
vendor:	ネットギア	model:	cax30	scope:	-	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cax30	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	cax30	scope:	eq	version:	cax30 firmware 2.2.1.12	Trust: 0.8
vendor:	netgear	model:	cax30	scope:	-	version:	-	Trust: 0.7

sources: ZDI: ZDI-23-1636 // CNVD: CNVD-2025-20498 // JVNDB: JVNDB-2023-029605 // NVD: CVE-2023-44445

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-44445
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-029605
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-44445
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2025-20498
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2025-20498
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-44445
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
OTHER:	JVNDB-2023-029605
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2023-44445
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-23-1636 // CNVD: CNVD-2025-20498 // JVNDB: JVNDB-2023-029605 // NVD: CVE-2023-44445

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-029605 // NVD: CVE-2023-44445

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000065859/Security-Advisory-for-Pre-authentication-Buffer-Overflow-on-the-CAX30-PSV-2023-0093	Trust: 0.7
title:	Patch for NETGEAR CAX30 Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/726591	Trust: 0.6

sources: ZDI: ZDI-23-1636 // CNVD: CNVD-2025-20498

EXTERNAL IDS

db:	NVD	id:	CVE-2023-44445	Trust: 3.9
db:	ZDI	id:	ZDI-23-1636	Trust: 3.1
db:	JVNDB	id:	JVNDB-2023-029605	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-19058	Trust: 0.7
db:	CNVD	id:	CNVD-2025-20498	Trust: 0.6

sources: ZDI: ZDI-23-1636 // CNVD: CNVD-2025-20498 // JVNDB: JVNDB-2023-029605 // NVD: CVE-2023-44445

REFERENCES

url:	https://kb.netgear.com/000065859/security-advisory-for-pre-authentication-buffer-overflow-on-the-cax30-psv-2023-0093	Trust: 2.5
url:	https://www.zerodayinitiative.com/advisories/zdi-23-1636/	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2023-44445	Trust: 0.8

sources: ZDI: ZDI-23-1636 // CNVD: CNVD-2025-20498 // JVNDB: JVNDB-2023-029605 // NVD: CVE-2023-44445

CREDITS

Amol Dosanjh

Trust: 0.7

sources: ZDI: ZDI-23-1636

SOURCES

db:	ZDI	id:	ZDI-23-1636
db:	CNVD	id:	CNVD-2025-20498
db:	JVNDB	id:	JVNDB-2023-029605
db:	NVD	id:	CVE-2023-44445

LAST UPDATE DATE

2025-09-08T23:16:54.153000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-23-1636	date:	2023-11-14T00:00:00
db:	CNVD	id:	CNVD-2025-20498	date:	2025-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2023-029605	date:	2025-08-13T04:35:00
db:	NVD	id:	CVE-2023-44445	date:	2025-08-07T15:58:01.483

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-23-1636	date:	2023-11-14T00:00:00
db:	CNVD	id:	CNVD-2025-20498	date:	2025-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2023-029605	date:	2025-08-13T00:00:00
db:	NVD	id:	CVE-2023-44445	date:	2024-05-03T03:16:00.537