CVE-2023-38095

Name of the Vulnerable Software and Affected Versions NETGEAR ProSAFE Network Management System (affected versions not specified)

Description The issue is related to the lack of proper validation of user-supplied data in the MFileUploadController class, allowing the upload of arbitrary files. This can enable a remote attacker to execute arbitrary code on affected installations, even though authentication is typically required. The existing authentication mechanism can be bypassed, and an attacker can leverage this issue to execute code in the context of SYSTEM.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.