NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol
CVE-2023-49693
9.8CRITICAL
Key Information
- Vendor
- NETGEAR
- Status
- NETGEAR ProSAFE Network Management System
- Vendor
- CVE Published:
- 29 November 2023
Summary
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
Affected Version(s)
NETGEAR ProSAFE Network Management System < 1.7.0.34
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database