CVE-2023-38096
published 2024-05-03

CVE-2023-38096: NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability

Priority: P1 (88)
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 83.01% (99.6th percentile)
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19718.

Affected

4 ranges

Vendor    Product                              Version range            Fixed in
linux     linux_kernel                         >= 0, < 5.4.0-204.224    5.4.0-204.224
linux     linux_kernel                         >= 0, < 6.8.0-35.35      6.8.0-35.35
netgear   prosafe_network_management_system    < 1.7.0.20               1.7.0.20
netgear   prosafe_network_management_system    -                        -

Note: the two linux_kernel rows do not match the NETGEAR product this advisory describes; confirm the affected-version scope against the vendor advisory before relying on this table.

Detection & IOCs (extracted from sources)

URL: /FileUploadController
Other: NETGEAR ProSAFE NMS MyHandlerInterceptor authentication bypass
  • Monitor for unauthenticated HTTP requests targeting FileUploadController endpoints on NETGEAR ProSAFE NMS300, which may indicate exploitation of the authentication bypass chained with arbitrary file upload.
  • Alert on file upload activity to NETGEAR NMS300 from unauthenticated sessions, particularly requests that bypass the MyHandlerInterceptor authentication check.
  • Watch for SYSTEM-level process spawning originating from the NETGEAR NMS300 application process, which may indicate successful RCE following authentication bypass and file upload.
  • Metasploit module `exploits/windows/http/netgear_nms_rce` targets this CVE; signature-based detection of this module's traffic patterns should be considered.
  • The vulnerability affects multiple specific versions of NETGEAR ProSAFE NMS300; ensure version scope is confirmed before applying detections to avoid false positives on unaffected versions.
  • Exploitation chains authentication bypass (MyHandlerInterceptor) with arbitrary file upload (FileUploadController); detections should account for both steps of the attack chain, not just the initial bypass.

CVSS provenance

Source   Version   Score   Severity   Vector
NVD      v3.1      9.8     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD      v3.0      9.8     CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
OSV      -         5.5     MEDIUM     -