CVE-2023-28338

Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted.

Published: Mar 16, 2023
Updated: Apr 14, 2023
CVE: CVE-2023-28338
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-770

Affected Software
References

Software	From	Fixed in
netgear / rax30_firmware	-	-

https://drupal9.tenable.com/security/research/tra-2023-12

Vulnerability Database

289,784

CVE-2023-28338