CVE-2023-28338

high

Description

Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted.

References

https://drupal9.tenable.com/security/research/tra-2023-12

Details

Source: MITRE

Published: 2023-03-15

Updated: 2023-03-21

Type: CWE-770