Remote Code Execution Vulnerability in NETGEAR ProSAFE Network Management System
CVE-2024-5246

Currently unrated

Key Information:

Vendor: NETGEAR
Status: Prosafe Network Management Software 300
Vendor: CVE Published:; 23 May 2024

What is CVE-2024-5246?

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.

The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-497/

https://kb.netgear.com/000066164/Security-Advisory-for-Mu...

EPSS Score

29% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2024