Netgear RAX30 PHP-FPM Misconfiguration Vulnerability Allowing Remote Code Execution

Vulnerability

A PHP-FPM misconfiguration vulnerability has been identified in the Netgear RAX30 router, specifically in version 1.0.10.94. The vulnerability arises from failing to restrict PHP-FPM to only .php file extensions. This oversight allows attackers to upload malicious scripts with different extensions and deceive the web server into executing them as PHP. Such exploitation can bypass security measures that rely on file extension filtering, potentially leading to remote code execution, unauthorized information disclosure, or a complete system compromise.
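A defender-side check for the condition described above, given as an added example that is not part of the original advisory or of Netgear's firmware. It assumes the restriction is expressed through PHP-FPM's `security.limit_extensions` pool directive (the advisory does not name the setting); the function name and the pool file contents are constructed for illustration.

```python
import re

# Constructed sample pool file (not taken from the RAX30 firmware).
SAMPLE = """\
[global]
error_log = /var/log/php-fpm.log
[www]
security.limit_extensions =        ; limit disabled
[uploads]
security.limit_extensions = .php .jpg
[admin]
security.limit_extensions = .php
[legacy]
listen = 127.0.0.1:9003
"""

# Assumption, following the advisory's wording: only .php should reach the interpreter.
EXPECTED = {".php"}

def audit_pools(conf_text):
    """Return {pool_name: finding} for pools whose extension limit is weakened."""
    pools, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = section.group(1)
            pools[current] = None                # None: directive not set in this pool
        elif current and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "security.limit_extensions":
                pools[current] = value.strip("\"'")
    findings = {}
    for pool, value in pools.items():
        if pool == "global" or value is None:    # unset pools use FPM's built-in default
            continue
        extra = set(value.split()) - EXPECTED
        if not value.split():
            findings[pool] = "empty value: every extension is passed to PHP"
        elif extra:
            findings[pool] = "extra extensions allowed: " + " ".join(sorted(extra))
    return findings

if __name__ == "__main__":
    for pool, finding in audit_pools(SAMPLE).items():
        print(f"[{pool}] {finding}")
```

Pools that leave the directive unset are not flagged, because PHP-FPM then applies its built-in default rather than accepting every extension.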

Impact

Exploitation of this vulnerability could result in remote code execution, allowing an attacker to execute arbitrary code on the affected system. Additionally, there is a risk of unauthorized information disclosure or a full system compromise.

Added: Jul 21, 2025, 4:29 PM
Updated: Jul 21, 2025, 4:29 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 7.5
exploitability: 7.0
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.