Lucene search

K
zdiSteven Seeley of Source InciteZDI-23-914
HistoryJul 13, 2023 - 12:00 a.m.

NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability

2023-07-1300:00:00
Steven Seeley of Source Incite
www.zerodayinitiative.com
10
remote attack
privilege escalation
authorization bypass
createuser function

0.0005 Low

EPSS

Percentile

16.2%

This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the createUser function. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user.

0.0005 Low

EPSS

Percentile

16.2%

Related for ZDI-23-914