NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability
CVE-2023-38095
Summary
A vulnerability in the MFileUploadController class of NETGEAR ProSAFE Network Management System allows remote attackers to execute arbitrary code on affected installations. The flaw stems from inadequate validation of user-supplied data, which permits the upload of potentially harmful files. Exploitation requires authentication, but the existing authentication mechanism can be bypassed, so an adversary can gain unauthorized access without valid credentials. An attacker who exploits this vulnerability can run code with SYSTEM privileges.
Affected Version(s)
ProSAFE Network Management System 1.7.0.12 (Win64)
EPSS Score
8% chance of being exploited in the next 30 days.