Netgear RAX30 Denial-of-Service Vulnerability Due to Misconfigured USERLIMIT_GLOBAL Option

Vulnerability

A denial-of-service vulnerability has been identified in the Netgear RAX30 router, specifically in version V1.0.10.94_3. The issue arises because the USERLIMIT_GLOBAL option is set to 0 in several bftpd-related configuration files, allowing unlimited users to connect. This misconfiguration can lead to denial-of-service attacks, as the server may become overwhelmed with connections, even though clients are disconnected after a short period.

Impact

Exploitation of this vulnerability can lead to denial-of-service conditions, where the router becomes overwhelmed with connections, potentially causing legitimate users to be disconnected or unable to connect.

Added: Jul 21, 2025, 6:25 PM

Updated: Jul 21, 2025, 6:25 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

2.5

exploitability

7.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netgear RAX30 Denial-of-Service Vulnerability Due to Misconfigured USERLIMIT_GLOBAL Option

Vulnerability

Impact

Affected Products

Netgear RAX30

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating