CVE-2023-48725 HIGH

CVE-2023-48725

Vendor Netgear
Product RAX30
Weakness CWE-121
Published March 7, 2024
Last update November 4, 2025

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

March 7, 2024 CVE published
November 4, 2025 Record updated