CVE-2024-5246

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions NETGEAR ProSAFE Network Management System (affected versions not specified)

Description This issue allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this issue. The specific flaw exists within the product installer due to the use of a vulnerable version of Apache Tomcat, which results from insufficient input validation. An attacker can leverage this issue to execute code in the context of SYSTEM.

Recommendations At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1395CWE-20

Related Identifiers

BDU:2024-04674

CVE-2024-5246

ZDI-24-497

Affected Products

Apache Tomcat

Netgear Prosafe Network Management System

CVE-2024-5246

Weakness Enumeration

Related Identifiers

Affected Products

References · 8