ID

VAR-202507-2548


CVE

CVE-2025-44658


TITLE

Unrestricted Upload of Dangerous File Types Vulnerability in Netgear RAX30 Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-011053

DESCRIPTION

In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to limit FPM to .php extensions only. An attacker may exploit this by uploading malicious scripts disguised with alternate extensions and tricking the web server into executing them as PHP, bypassing security mechanisms based on file extension filtering. This may lead to remote code execution (RCE), information disclosure, or full system compromise. Netgear RAX30 firmware has an unrestricted upload of dangerous file types vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). NETGEAR RAX30 is a dual-band wireless router from NETGEAR.

Trust: 2.16

sources: NVD: CVE-2025-44658 // JVNDB: JVNDB-2025-011053 // CNVD: CNVD-2025-16868

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-16868

AFFECTED PRODUCTS

vendor: netgear, model: rax30, scope: eq, version: 1.0.10.94

Trust: 1.0

vendor: ネットギア, model: rax30, scope: eq, version: rax30 firmware 1.0.10.94

Trust: 0.8

vendor: ネットギア, model: rax30, scope: eq, version: -

Trust: 0.8

vendor: ネットギア, model: rax30, scope: -, version: -

Trust: 0.8

vendor: netgear, model: rax30, scope: eq, version: v1.0.10.94

Trust: 0.6

sources: CNVD: CNVD-2025-16868 // JVNDB: JVNDB-2025-011053 // NVD: CVE-2025-44658

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-44658
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2025-011053
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2025-16868
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-16868
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-44658
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-011053
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-16868 // JVNDB: JVNDB-2025-011053 // NVD: CVE-2025-44658

PROBLEMTYPE DATA

problemtype: CWE-434

Trust: 1.0

problemtype: Unrestricted upload of file with dangerous type (CWE-434) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-011053 // NVD: CVE-2025-44658

PATCH

title: Patch for Netgear RAX30 has an unspecified vulnerability (CNVD-2025-16868), url: https://www.cnvd.org.cn/patchInfo/show/712676

Trust: 0.6

sources: CNVD: CNVD-2025-16868

EXTERNAL IDS

db: NVD, id: CVE-2025-44658

Trust: 3.2

db: JVNDB, id: JVNDB-2025-011053

Trust: 0.8

db: CNVD, id: CNVD-2025-16868

Trust: 0.6

sources: CNVD: CNVD-2025-16868 // JVNDB: JVNDB-2025-011053 // NVD: CVE-2025-44658

REFERENCES

url:https://www.netgear.com/about/security/

Trust: 1.8

url:https://www.notion.so/cve-2025-44658-24754a1113e780df8f72c779a108f75b

Trust: 1.8

url:https://gist.github.com/tpcchecker/c72eea7a3f89070dab7dfdbf7504b2d6

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2025-44658

Trust: 0.8

sources: CNVD: CNVD-2025-16868 // JVNDB: JVNDB-2025-011053 // NVD: CVE-2025-44658

SOURCES

db: CNVD, id: CNVD-2025-16868
db: JVNDB, id: JVNDB-2025-011053
db: NVD, id: CVE-2025-44658

LAST UPDATE DATE

2025-08-10T23:12:09.495000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-16868, date: 2025-07-25T00:00:00
db: JVNDB, id: JVNDB-2025-011053, date: 2025-08-08T08:14:00
db: NVD, id: CVE-2025-44658, date: 2025-08-07T17:57:40.350

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-16868, date: 2025-07-25T00:00:00
db: JVNDB, id: JVNDB-2025-011053, date: 2025-08-08T00:00:00
db: NVD, id: CVE-2025-44658, date: 2025-07-21T16:15:29.560