Remote Code Execution Vulnerability in NETGEAR ProSAFE Network Management System
CVE-2024-5505

8.8HIGH

Key Information:

Vendor: Netgear
Status: Prosafe Network Management System
Vendor: CVE Published:; 6 June 2024

Summary

The NETGEAR ProSAFE Network Management System suffers from a significant vulnerability in the UpLoadServlet class, which fails to properly validate user-supplied paths prior to file operations. This oversight allows attackers with authenticated access to exploit the flaw, enabling them to execute arbitrary code with SYSTEM privileges. Effective remediation involves patching affected versions and enforcing strict access controls.

Affected Version(s)

ProSAFE Network Management System 1.7.0.34 x64

References

https://www.zerodayinitiative.com/advisories/ZDI-24-563/

x_research-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2024
Vulnerability Reserved
May 29, 2024