Netgear Prosafe Network Management System vulnerabilities
2 known vulnerabilities affecting netgear/netgear_prosafe_network_management_system.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2023-49693CRITICALCVSS 9.8fixed in 1.7.0.342023-11-29
CVE-2023-49693 [CRITICAL] CWE-306 CVE-2023-49693:
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 116
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
cvelistv5nvd
CVE-2023-49694HIGHCVSS 7.8fixed in 1.7.0.342023-11-29
CVE-2023-49694 [HIGH] CWE-284 CVE-2023-49694:
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management S
A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
cvelistv5nvd