SQL Injection Vulnerability in NETGEAR ProSAFE Network Management System
CVE-2024-6813

8.8HIGH

Key Information:

Vendor: Netgear
Status: Prosafe Network Management System
Vendor: CVE Published:; 21 August 2024

Summary

The vulnerability within the NETGEAR ProSAFE Network Management System arises from inadequate validation of a user-supplied string in the getSortString method, leading to SQL Injection. This flaw permits remote attackers with necessary authentication to manipulate SQL queries, enabling them to execute arbitrary code with SYSTEM privileges. Organizations utilizing affected versions of the system are urged to apply available security updates to mitigate this risk. For further details, review the applicable security advisories.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-902/

https://kb.netgear.com/000066231/Security-Advisory-for-SQ...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2024