CVE-2023-38096
published 2024-05-03
CVE-2023-38096: NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass…
Priority: P188 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 83.01% (99.6th percentile)
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system.
Was ZDI-CAN-19718.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 5.4.0-204.224 | 5.4.0-204.224 |
| linux | linux_kernel | >= 0 < 6.8.0-35.35 | 6.8.0-35.35 |
| netgear | prosafe_network_management_system | < 1.7.0.20 | 1.7.0.20 |
| netgear | prosafe_network_management_system | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated HTTP requests targeting FileUploadController endpoints on NETGEAR ProSAFE NMS300, which may indicate exploitation of the authentication bypass chained with arbitrary file upload.
- Alert on file upload activity to NETGEAR NMS300 from unauthenticated sessions, particularly requests that bypass the MyHandlerInterceptor authentication check.
- Watch for SYSTEM-level process spawning originating from the NETGEAR NMS300 application process, which may indicate successful RCE following authentication bypass and file upload.
- Metasploit module `exploits/windows/http/netgear_nms_rce` targets this CVE; signature-based detection of this module's traffic patterns should be considered.
- The vulnerability affects multiple specific versions of NETGEAR ProSAFE NMS300; ensure version scope is confirmed before applying detections to avoid false positives on unaffected versions.
- Exploitation chains authentication bypass (MyHandlerInterceptor) with arbitrary file upload (FileUploadController); detections should account for both steps of the attack chain, not just the initial bypass.
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- osv · 5.5 MEDIUM
OSV
linux-iot vulnerabilities
osv·2025-04-03·CVSS 5.5
CVE-2022-38096 linux-iot vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Ye Zhang and Nicolas Wu discovered that the io_uring subsystem in the Linux
kernel did not properly handle locking for rings with IOPOLL, leading to a
double-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-21400)
Chenyuan Yang discovered that the CEC driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly
OSV
linux-raspi-5.4 vulnerabilities
osv·2025-01-15·CVSS 4.7
CVE-2022-38096 linux-raspi-5.4 vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- SCSI subsystem;
- Ext4 file system;
- Bluetooth subsystem;
- Memory management;
- Amateur Radio drivers;
- Network traffic control;
- Sun RPC protocol;
- VMware vSockets driver;
(CVE-2023-52821, CVE-2024-40910, CVE-2024-43892, CVE-2024-49967,
CVE-2024-50264, CVE-2024-36952, CVE-2024-3855
OSV
linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-raspi vulnerabilities
osv·2024-12-17·CVSS 4.7
CVE-2022-38096 linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-raspi vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- SCSI subsystem;
- Ext4 file system;
- Bluetooth subsystem;
- Memory management;
- Amateur Radio drivers;
- Network traffic control;
- Sun RPC protocol;
- VMware vSockets driver;
(CVE-2023-52821, CVE-2024-40910, CVE-2024-43892, CVE-20
OSV
linux-raspi vulnerabilities
osv·2024-07-26·CVSS 5.5
CVE-2022-38096 linux-raspi vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)
It was discovered that the Atheros 802.11ac wireless driver did not
properly validate certain data structures, leading to a NULL pointer
dereference. An attacker could possibly use this to cause a denial of
service. (CVE-2023-7042)
It was discovered
OSV
linux-oracle vulnerabilities
osv·2024-07-04·CVSS 5.5
CVE-2022-38096 linux-oracle vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possib
OSV
linux-azure, linux-gke vulnerabilities
osv·2024-06-14·CVSS 5.5
CVE-2022-38096 linux-azure, linux-gke vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service
OSV
linux-oem-6.8 vulnerabilities
osv·2024-06-11·CVSS 5.5
CVE-2022-38096 linux-oem-6.8 vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possi
OSV
linux-aws, linux-gcp vulnerabilities
osv·2024-06-07·CVSS 5.5
CVE-2022-38096 linux-aws, linux-gcp vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service o
OSV
linux, linux-ibm, linux-lowlatency, linux-raspi vulnerabilities
osv·2024-06-07·CVSS 5.5
CVE-2022-38096 linux, linux-ibm, linux-lowlatency, linux-raspi vulnerabilities
Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not
properly handle certain error conditions, leading to a NULL pointer
dereference. A local attacker could possibly trigger this vulnerability to
cause a denial of service. (CVE-2022-38096)
Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux
kernel contained a race condition during device removal, leading to a use-
after-free vulnerability. A physically proximate attacker could possibly
use this to cause a denial of service (system crash). (CVE-2023-47233)
It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to
GHSA
GHSA-whh9-qwjx-x7jq: NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
ghsa_unreviewed·2024-05-03
CVE-2023-38096 [CRITICAL] CWE-287 GHSA-whh9-qwjx-x7jq: NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19718.
No detection rules found.
No writeups or analysis indexed.
- https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025
- https://www.zerodayinitiative.com/advisories/ZDI-23-920/

Published: 2024-05-03