Unrestricted File Upload Remote Code Execution Vulnerability
CVE-2024-5247

8.8HIGH

Key Information:

Vendor: NETGEAR
Status: Prosafe Network Management System
Vendor: CVE Published:; 23 May 2024

Summary

The NETGEAR ProSAFE Network Management System contains a vulnerability in the UpLoadServlet component that permits remote attackers to upload files without adequate validation. This flaw can be exploited to execute arbitrary code within the context of the SYSTEM, thereby granting unauthorized access and control over the affected system. Authentication is required for exploitation, making it imperative for system administrators to apply the necessary security updates to mitigate this risk.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-498/

https://kb.netgear.com/000066165/Security-Advisory-for-Mi...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 23, 2024