Details of VAR-202406-0058

ID

VAR-202406-0058

CVE

CVE-2023-51634

TITLE

of netgear RAX30 Certificate validation vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2023-027728

DESCRIPTION

NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589. (DoS) It may be in a state. NETGEAR RAX30 is a WiFi 6 router launched by NETGEAR. It supports dual bands (2.4GHz and 5GHz), has a maximum transmission rate of 2400Mbps, uses three external antennas, is equipped with a 1.5GHz triple-core processor, and can connect 20 devices at the same time. NETGEAR RAX30 has a trust management problem vulnerability

Trust: 2.79

sources: NVD: CVE-2023-51634 // JVNDB: JVNDB-2023-027728 // ZDI: ZDI-24-583 // CNVD: CNVD-2025-16597

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-16597

AFFECTED PRODUCTS

vendor:	netgear	model:	rax30	scope:	lt	version:	1.0.12.100_hotfix	Trust: 1.0
vendor:	ネットギア	model:	rax30	scope:	eq	version:	rax30 firmware 1.0.12.100 hotfix	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	rax30	scope:	-	version:	-	Trust: 0.8
vendor:	netgear	model:	rax30	scope:	-	version:	-	Trust: 0.7
vendor:	netgear	model:	rax30 <1.0.12.100 hotfix	scope:	-	version:	-	Trust: 0.6

sources: ZDI: ZDI-24-583 // CNVD: CNVD-2025-16597 // JVNDB: JVNDB-2023-027728 // NVD: CVE-2023-51634

CVSS

SEVERITY

CVSSV2

CVSSV3

zdi-disclosures@trendmicro.com:	CVE-2023-51634
value:	HIGH
Trust: 1.0
nvd@nist.gov:	CVE-2023-51634
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-51634
value:	HIGH
Trust: 0.8
ZDI:	CVE-2023-51634
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2025-16597
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-16597
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

zdi-disclosures@trendmicro.com:	CVE-2023-51634
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2023-51634
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0
ZDI:	CVE-2023-51634
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-24-583 // CNVD: CNVD-2025-16597 // JVNDB: JVNDB-2023-027728 // NVD: CVE-2023-51634 // NVD: CVE-2023-51634

PROBLEMTYPE DATA

problemtype:	CWE-295	Trust: 1.0
problemtype:	Illegal certificate verification (CWE-295) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-027728 // NVD: CVE-2023-51634

PATCH

title:	NETGEAR has issued an update to correct this vulnerability.	url:	https://kb.netgear.com/000065928/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2023-0139	Trust: 0.7
title:	Patch for NETGEAR RAX30 Trust Management Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/710961	Trust: 0.6

sources: ZDI: ZDI-24-583 // CNVD: CNVD-2025-16597

EXTERNAL IDS

db:	NVD	id:	CVE-2023-51634	Trust: 3.9
db:	ZDI	id:	ZDI-24-583	Trust: 2.5
db:	JVNDB	id:	JVNDB-2023-027728	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-19589	Trust: 0.7
db:	CNVD	id:	CNVD-2025-16597	Trust: 0.6

sources: ZDI: ZDI-24-583 // CNVD: CNVD-2025-16597 // JVNDB: JVNDB-2023-027728 // NVD: CVE-2023-51634

REFERENCES

url:	https://kb.netgear.com/000065928/security-advisory-for-multiple-vulnerabilities-on-the-rax30-psv-2023-0139	Trust: 2.5
url:	https://www.zerodayinitiative.com/advisories/zdi-24-583/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-51634	Trust: 0.8
url:	https://kb.netgear.com/000065928/security-advisory-for-multiple-vulnerabilities-on-the-rax30-psv-2023-0139https	Trust: 0.6

sources: ZDI: ZDI-24-583 // CNVD: CNVD-2025-16597 // JVNDB: JVNDB-2023-027728 // NVD: CVE-2023-51634

CREDITS

Neodyme

Trust: 0.7

sources: ZDI: ZDI-24-583

SOURCES

db:	ZDI	id:	ZDI-24-583
db:	CNVD	id:	CNVD-2025-16597
db:	JVNDB	id:	JVNDB-2023-027728
db:	NVD	id:	CVE-2023-51634

LAST UPDATE DATE

2025-07-23T23:20:01.976000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-24-583	date:	2024-07-01T00:00:00
db:	CNVD	id:	CNVD-2025-16597	date:	2025-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2023-027728	date:	2025-01-06T09:04:00
db:	NVD	id:	CVE-2023-51634	date:	2025-01-03T16:40:16.203

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-24-583	date:	2024-06-10T00:00:00
db:	CNVD	id:	CNVD-2025-16597	date:	2025-07-21T00:00:00
db:	JVNDB	id:	JVNDB-2023-027728	date:	2025-01-06T00:00:00
db:	NVD	id:	CVE-2023-51634	date:	2024-11-22T20:15:06.050