CVE-2023-38096

CWE-287 — Improper Authentication12 documents4 sources

Severity

9.8CRITICAL

EPSS

74.9%

top 1.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Prosafe Network Management System

Timeline

PublishedMay 3

Latest updateApr 3

Description

NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDnetgear/prosafe_network_management_system< 1.7.0.20

▶CVEListV5netgear/prosafe_network_management_system1.7.0.12 (Win64)

🔴Vulnerability Details

OSV

linux-iot vulnerabilities↗2025-04-03

▶

OSV

linux-raspi-5.4 vulnerabilities↗2025-01-15

▶

OSV

linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-raspi vulnerabilities↗2024-12-17

▶

OSV

linux-raspi vulnerabilities↗2024-07-26

▶

OSV

linux-oracle vulnerabilities↗2024-07-04

▶