24 matches found
CVE-2024-5247
CVE-2024-5247 affects NETGEAR ProSAFE Network Management System. The UpLoadServlet unsafely handles user-supplied data, allowing unrestricted file uploads that can lead to remote code execution with SYSTEM privileges. Authentication is required to exploit, and multiple sources (ZDI advisories, NV...
CVE-2023-44450
CVE-2023-44450 affects NETGEAR ProSAFE Network Management System. Impact comes from the getNodesByTopologyMapSearch function, where unsanitized user input is used to build SQL queries, enabling remote code execution with SYSTEM privileges after authentication. Multiple sources (NVD, ZDI, CVE list...
CVE-2023-38097
Affected product: NETGEAR ProSAFE Network Management System. Vulnerable component: BkreProcessThread. Root cause: exposed dangerous function within BkreProcessThread allows remote code execution. Impact: attacker can execute code in SYSTEM context (remote, network-based). Authentication is requir...
CVE-2023-44449
NETGEAR ProSAFE Network Management System is affected by a SQL Injection in clearAlertByIds, caused by insufficient validation of user input used to build SQL queries. This allows a remote attacker with authentication to escalate privileges to protected resources. The flaw is documented across mu...
CVE-2023-50231
CVE-2023-50231 affects NETGEAR ProSAFE Network Management System. The flaw is in the saveNodeLabel method, where improper validation of user-supplied data permits injection of arbitrary scripts, enabling privilege escalation on affected installations. Exploitation details in provided docs indicat...
CVE-2023-38101
CVE-2023-38101 affects NETGEAR ProSAFE Network Management System, with the vulnerable surface in the SettingConfigController class. The flaw arises from an exposed dangerous function that enables remote code execution, allowing attackers to run code with SYSTEM privileges on affected installation...
CVE-2021-27275
CVE-2021-27275 affects NETGEAR ProSAFE Network Management System 1.6.0.26. The flaw resides in ConfigFileController realName handling, where user-supplied paths are not properly validated before file operations, enabling directory traversal. Consequences include disclosure of sensitive informatio...
CVE-2023-38096
CVE-2023-38096 affects NETGEAR ProSAFE Network Management System. The flaw resides in the MyHandlerInterceptor authentication mechanism, representing an improper implementation that allows remote attackers to bypass authentication (no user interaction required). Impact is high on confidentiality,...
CVE-2023-41182
The CVE-2023-41182 entry concerns NETGEAR ProSAFE Network Management System with a ZipUtils directory traversal vulnerability leading to remote code execution. The flaw stems from insufficient validation of a user-supplied path before file operations in the ZipUtils class, allowing an attacker to...
CVE-2023-38095
Netgear ProSAFE Network Management System is affected by CVE-2023-38095 due to an unrestricted file upload in the MFileUploadController. The root cause is lack of validation of user-supplied data, enabling an attacker to upload arbitrary files and execute code with SYSTEM privileges. Exploitation...
CVE-2023-38099
CVE-2023-38099 affects NETGEAR ProSAFE Network Management System. The flaw is in the getNodesByTopologyMapSearch function, where unsanitized user input is used to construct SQL queries, enabling a SQL injection that can lead to remote code execution with SYSTEM privileges. Authentication is requi...
CVE-2024-5245
CVE-2024-5245 — NETGEAR ProSAFE Network Management System involves a local privilege-escalation vulnerability caused by default MySQL credentials in the product installer. An attacker who can run low-privileged code locally can leverage these credentials to escalate privileges to SYSTEM and execu...
CVE-2023-38100
CVE-2023-38100 affects NETGEAR ProSAFE Network Management System. The vulnerability is a SQL Injection in the clearAlertByIds function, caused by insufficient validation of a user-supplied string used to construct SQL queries, enabling privilege escalation. Multiple sources (ZDI, CNVD, CVE record...
CVE-2023-38102
NETGEAR ProSAFE Network Management System is affected by CVE-2023-38102 through the createUser function, which allows privilege escalation due to missing authorization prior to performing the action. The flaw can be abused after authentication, as the authentication mechanism can be bypassed, ena...
CVE-2023-38098
CVE-2023-38098 concerns NETGEAR ProSAFE Network Management System. The UpLoadServlet class has an input-validation flaw that allows unrestricted file uploads, enabling remote code execution with SYSTEM privileges. Authentication is required to exploit, though the authentication mechanism can be b...
CVE-2024-6814
CVE-2024-6814 affects NETGEAR ProSAFE Network Management System due to a flaw in the getFilterString method where user input is not properly validated for SQL query construction, enabling remote code execution. An attacker who authenticates can leverage this to execute code in the SYSTEM context....
CVE-2021-27273
CVE-2021-27273 affects NETGEAR ProSAFE Network Management System 1.6.0.26. A flaw in SettingConfigController.fileName handling allows an unauthenticated-by-default? (authentication bypass noted) remote code execution with SYSTEM privileges by abusing an unsafely-validated user-supplied string to ...
CVE-2021-27274
NETGEAR ProSAFE Network Management System 1.6.0.26 is impacted by CVE-2021-27274 due to an unchecked user-supplied path in MFileUploadController, enabling pre-auth remote code execution with SYSTEM privileges. The vulnerability stems from insufficient validation of file paths used in file operati...
CVE-2024-5505
CVE-2024-5505 concerns the NETGEAR ProSAFE Network Management System, where the UpLoadServlet contains a directory traversal flaw that lacks proper validation of a user-supplied path in file operations. This leads to remote code execution with SYSTEM privileges. Exploitation is described as requi...
CVE-2024-6813
CVE-2024-6813 affects NETGEAR ProSAFE Network Management System. The vulnerability is in the getSortString method, where insufficient validation of a user-supplied string used to build SQL queries permits SQL Injection that can lead to remote code execution in the context of SYSTEM. Exploitation ...
CVE-2023-49693
The CVE-2023-49693 entry concerns NETGEAR ProSAFE Network Management System, where Java Debug Wire Protocol (JDWP) is exposed on port 11611 and accessible without authentication, enabling remote arbitrary code execution. Multiple connected records corroborate an unauthenticated access vector via ...
CVE-2021-27272
CVE-2021-27272 affects NETGEAR ProSAFE Network Management System 1.6.0.26. A flaw in the ReportTemplateController when parsing a path parameter allows a remote attacker to delete arbitrary files by abusing file operations, even though authentication is required—this authentication can be bypassed...
CVE-2021-27276
CVE-2021-27276 affects NETGEAR ProSAFE Network Management System 1.6.0.26. The vulnerability is a directory traversal issue in the MibController class: during parsing the realName parameter, user-supplied paths are not properly validated before file operations, enabling an attacker to delete arbi...
CVE-2023-49694
CVE-2023-49694 refers to a NETGEAR ProSAFE Network Management System privilege-escalation vulnerability on Windows hosts. An attacker with low OS privileges can create arbitrary JSP files in the Tomcat web-application directory and execute them under the SYSTEM security context, enabling full pri...