NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability
CVE-2023-38095

8.8 HIGH

Key Information:

Vendor: Netgear
CVE Published: 3 May 2024

Summary

A vulnerability in the MFileUploadController class of NETGEAR ProSAFE Network Management System allows remote attackers to execute arbitrary code. The flaw stems from inadequate validation of user-supplied data, which permits the upload of potentially harmful files. Exploitation requires authentication, but the existing authentication mechanism can be bypassed, so an adversary can gain unauthorized access. A successful attacker can run code with SYSTEM privileges, which puts affected installations at risk of significant security breaches.

Affected Version(s)

ProSAFE Network Management System 1.7.0.12 (Win64)

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
