NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution

NETGEAR ProSAFE Plus before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has ...

EUVD-2014-4783

Malware in sbrugna...

The vulnerability of NETGEAR ProSafe Plus JGS516PE microcontroller-based software, related to the lack of protection for service data, allows a intruder to trigger a service failure.

The vulnerability of NETGEAR ProSafe Plus JGS516PE microcontroller-based devices lies in the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

The vulnerability of the NSDP protocol implementation in Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 network devices allows a perpetrator to increase their privileges.

The vulnerability of the NSDP protocol implementation in Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 networking devices is related to authentication process errors. Exploiting this vulnerability can allow attackers to increase their privileges remotely...

The vulnerability of the NSDP protocol implementation in Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 network devices allows a hacker to bypass access controls and gain full control over the device.

The vulnerability of the NSDP protocol implementation in Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 networking devices is related to authentication process errors. Exploiting this vulnerability allows an attacker to bypass access controls and gain full control over the device...

The vulnerability of the TFTP microprogramming software used in Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 network devices allows a intruder to cause service interruptions.

The vulnerability of the TFTP microprogramming software used in Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 network devices is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...

The vulnerability of the implementation of the microprogramming software update mechanism for Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 devices allows a hacker to increase their privileges.

The vulnerability of the mechanism for updating microprogrammable software in Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 devices is related to deficiencies in input data validation. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

The vulnerability of the DCHP server configuration of Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 network devices allows a hacker to cause a service failure.

The vulnerability of the DCHP configuration of Netgear ProSafe Plus JGS516PE and ProSAFE Plus GS116Ev2 networking devices relates to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor to trigger...

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

CVE-2017-2137

ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests...

CVE-2017-2137

ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests...

Design/Logic Flaw

ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests...

CVE-2017-2137

ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests...

CVE-2017-2137

CVE-2017-2137 affects NETGEAR ProSAFE Plus Configuration Utility prior to 2.3.29. The Vulnerability is an improper access control flaw that allows remote attackers to bypass access restrictions and modify switch configurations via SOAP requests. Affected component is the Windows-based Configurati...

NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control

Overview ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for...

JVN#08740778: NETGEAR ProSAFE Plus Configuration Utility vulnerable to improper access control

ProSAFE Plus Configuration Utility provided by NETGEAR is a Windows application to configure and manage NETGEAR's ProSAFE Plus and Click Switches. An operator uses the utility to login and configure NETGEAR switches. When the utility is invoked, it starts listening on a certain port for SOAP...

NETGEAR ProSAFE Plus Configuration Utility Incorrect Access Control Vulnerability

NetGear ProSafe is the smart switch product for monitoring and configuring your network. An incorrect access control vulnerability exists in the NETGEAR ProSAFE Plus Configuration Utility, which can be exploited by an attacker to perform switch configuration tasks based on SOAP requests...

CVE-2014-4864

The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file...

CVE-2014-2969

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to 1 produceburn.cgi, 2...

Hardcoded credentials

NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify memory contents, and consequently execute arbitrary code, via a request to 1 produceburn.cgi, 2...