Lucene search
K
NetgearProsafe Network Management System

24 matches found

CVE
CVE
added 2024/05/23 10:7 p.m.94 views

CVE-2024-5247

CVE-2024-5247 affects NETGEAR ProSAFE Network Management System. The UpLoadServlet unsafely handles user-supplied data, allowing unrestricted file uploads that can lead to remote code execution with SYSTEM privileges. Authentication is required to exploit, and multiple sources (ZDI advisories, NV...

8.8CVSS9.2AI score0.26919EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.84 views

CVE-2023-44450

CVE-2023-44450 affects NETGEAR ProSAFE Network Management System. Impact comes from the getNodesByTopologyMapSearch function, where unsanitized user input is used to build SQL queries, enabling remote code execution with SYSTEM privileges after authentication. Multiple sources (NVD, ZDI, CVE list...

8.8CVSS9.1AI score0.53563EPSS
CVE
CVE
added 2024/05/03 1:58 a.m.83 views

CVE-2023-38097

Affected product: NETGEAR ProSAFE Network Management System. Vulnerable component: BkreProcessThread. Root cause: exposed dangerous function within BkreProcessThread allows remote code execution. Impact: attacker can execute code in SYSTEM context (remote, network-based). Authentication is requir...

8.8CVSS7.6AI score0.01689EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.81 views

CVE-2023-44449

NETGEAR ProSAFE Network Management System is affected by a SQL Injection in clearAlertByIds, caused by insufficient validation of user input used to build SQL queries. This allows a remote attacker with authentication to escalate privileges to protected resources. The flaw is documented across mu...

8.8CVSS9.1AI score0.52562EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.76 views

CVE-2023-50231

CVE-2023-50231 affects NETGEAR ProSAFE Network Management System. The flaw is in the saveNodeLabel method, where improper validation of user-supplied data permits injection of arbitrary scripts, enabling privilege escalation on affected installations. Exploitation details in provided docs indicat...

9.6CVSS7.6AI score0.53303EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.75 views

CVE-2023-38101

CVE-2023-38101 affects NETGEAR ProSAFE Network Management System, with the vulnerable surface in the SettingConfigController class. The flaw arises from an exposed dangerous function that enables remote code execution, allowing attackers to run code with SYSTEM privileges on affected installation...

8.8CVSS7.5AI score0.01689EPSS
CVE
CVE
added 2021/03/29 8:55 p.m.74 views

CVE-2021-27275

CVE-2021-27275 affects NETGEAR ProSAFE Network Management System 1.6.0.26. The flaw resides in ConfigFileController realName handling, where user-supplied paths are not properly validated before file operations, enabling directory traversal. Consequences include disclosure of sensitive informatio...

8.3CVSS8.1AI score0.73318EPSS
CVE
CVE
added 2024/05/03 1:58 a.m.73 views

CVE-2023-38096

CVE-2023-38096 affects NETGEAR ProSAFE Network Management System. The flaw resides in the MyHandlerInterceptor authentication mechanism, representing an improper implementation that allows remote attackers to bypass authentication (no user interaction required). Impact is high on confidentiality,...

9.8CVSS9.7AI score0.83009EPSS
CVE
CVE
added 2024/05/03 2:11 a.m.71 views

CVE-2023-41182

The CVE-2023-41182 entry concerns NETGEAR ProSAFE Network Management System with a ZipUtils directory traversal vulnerability leading to remote code execution. The flaw stems from insufficient validation of a user-supplied path before file operations in the ZipUtils class, allowing an attacker to...

8.8CVSS7.5AI score0.58622EPSS
CVE
CVE
added 2024/05/03 1:58 a.m.69 views

CVE-2023-38095

Netgear ProSAFE Network Management System is affected by CVE-2023-38095 due to an unrestricted file upload in the MFileUploadController. The root cause is lack of validation of user-supplied data, enabling an attacker to upload arbitrary files and execute code with SYSTEM privileges. Exploitation...

8.8CVSS9.1AI score0.62472EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.69 views

CVE-2023-38099

CVE-2023-38099 affects NETGEAR ProSAFE Network Management System. The flaw is in the getNodesByTopologyMapSearch function, where unsanitized user input is used to construct SQL queries, enabling a SQL injection that can lead to remote code execution with SYSTEM privileges. Authentication is requi...

8.8CVSS9.2AI score0.52882EPSS
CVE
CVE
added 2024/05/23 10:7 p.m.69 views

CVE-2024-5245

CVE-2024-5245 — NETGEAR ProSAFE Network Management System involves a local privilege-escalation vulnerability caused by default MySQL credentials in the product installer. An attacker who can run low-privileged code locally can leverage these credentials to escalate privileges to SYSTEM and execu...

7.8CVSS7.8AI score0.00568EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.65 views

CVE-2023-38100

CVE-2023-38100 affects NETGEAR ProSAFE Network Management System. The vulnerability is a SQL Injection in the clearAlertByIds function, caused by insufficient validation of a user-supplied string used to construct SQL queries, enabling privilege escalation. Multiple sources (ZDI, CNVD, CVE record...

8.8CVSS9.1AI score0.01293EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.65 views

CVE-2023-38102

NETGEAR ProSAFE Network Management System is affected by CVE-2023-38102 through the createUser function, which allows privilege escalation due to missing authorization prior to performing the action. The flaw can be abused after authentication, as the authentication mechanism can be bypassed, ena...

8.8CVSS8.8AI score0.01277EPSS
CVE
CVE
added 2024/05/03 1:59 a.m.64 views

CVE-2023-38098

CVE-2023-38098 concerns NETGEAR ProSAFE Network Management System. The UpLoadServlet class has an input-validation flaw that allows unrestricted file uploads, enabling remote code execution with SYSTEM privileges. Authentication is required to exploit, though the authentication mechanism can be b...

8.8CVSS9.1AI score0.09785EPSS
CVE
CVE
added 2024/08/21 4:9 p.m.63 views

CVE-2024-6814

CVE-2024-6814 affects NETGEAR ProSAFE Network Management System due to a flaw in the getFilterString method where user input is not properly validated for SQL query construction, enabling remote code execution. An attacker who authenticates can leverage this to execute code in the SYSTEM context....

8.8CVSS9.1AI score0.02108EPSS
CVE
CVE
added 2021/03/29 8:55 p.m.62 views

CVE-2021-27273

CVE-2021-27273 affects NETGEAR ProSAFE Network Management System 1.6.0.26. A flaw in SettingConfigController.fileName handling allows an unauthenticated-by-default? (authentication bypass noted) remote code execution with SYSTEM privileges by abusing an unsafely-validated user-supplied string to ...

9CVSS8.9AI score0.64997EPSS
CVE
CVE
added 2021/03/29 8:55 p.m.62 views

CVE-2021-27274

NETGEAR ProSAFE Network Management System 1.6.0.26 is impacted by CVE-2021-27274 due to an unchecked user-supplied path in MFileUploadController, enabling pre-auth remote code execution with SYSTEM privileges. The vulnerability stems from insufficient validation of file paths used in file operati...

10CVSS9.7AI score0.08167EPSS
CVE
CVE
added 2024/06/06 5:49 p.m.62 views

CVE-2024-5505

CVE-2024-5505 concerns the NETGEAR ProSAFE Network Management System, where the UpLoadServlet contains a directory traversal flaw that lacks proper validation of a user-supplied path in file operations. This leads to remote code execution with SYSTEM privileges. Exploitation is described as requi...

8.8CVSS9.1AI score0.46989EPSS
CVE
CVE
added 2024/08/21 4:9 p.m.59 views

CVE-2024-6813

CVE-2024-6813 affects NETGEAR ProSAFE Network Management System. The vulnerability is in the getSortString method, where insufficient validation of a user-supplied string used to build SQL queries permits SQL Injection that can lead to remote code execution in the context of SYSTEM. Exploitation ...

8.8CVSS9.1AI score0.01862EPSS
CVE
CVE
added 2023/11/29 10:41 p.m.50 views

CVE-2023-49693

The CVE-2023-49693 entry concerns NETGEAR ProSAFE Network Management System, where Java Debug Wire Protocol (JDWP) is exposed on port 11611 and accessible without authentication, enabling remote arbitrary code execution. Multiple connected records corroborate an unauthenticated access vector via ...

9.8CVSS9.9AI score0.01154EPSS
CVE
CVE
added 2021/03/29 8:55 p.m.49 views

CVE-2021-27272

CVE-2021-27272 affects NETGEAR ProSAFE Network Management System 1.6.0.26. A flaw in the ReportTemplateController when parsing a path parameter allows a remote attacker to delete arbitrary files by abusing file operations, even though authentication is required—this authentication can be bypassed...

7.5CVSS6.9AI score0.73766EPSS
CVE
CVE
added 2021/03/29 8:55 p.m.46 views

CVE-2021-27276

CVE-2021-27276 affects NETGEAR ProSAFE Network Management System 1.6.0.26. The vulnerability is a directory traversal issue in the MibController class: during parsing the realName parameter, user-supplied paths are not properly validated before file operations, enabling an attacker to delete arbi...

7.1CVSS6.9AI score0.72461EPSS
CVE
CVE
added 2023/11/29 10:47 p.m.38 views

CVE-2023-49694

CVE-2023-49694 refers to a NETGEAR ProSAFE Network Management System privilege-escalation vulnerability on Windows hosts. An attacker with low OS privileges can create arbitrary JSP files in the Tomcat web-application directory and execute them under the SYSTEM security context, enabling full pri...

7.8CVSS7.7AI score0.00537EPSS