PT-2023-3793 · NetGear · Netgear Prosafe Network Management System
Steven Seeley
·
Published
2023-02-08
·
Updated
2024-09-18
·
CVE-2023-38101
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
NETGEAR ProSAFE Network Management System (affected versions not specified)
Description
The issue is related to the SettingConfigController class in the NETGEAR ProSAFE Network Management System, which lacks an authorization procedure. This allows a remote attacker to execute arbitrary code in the context of SYSTEM by leveraging an exposed dangerous function. Although authentication is typically required, the existing mechanism can be bypassed.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Netgear Prosafe Network Management System