Netgear Prosafe Network Management System vulnerabilities

25 known vulnerabilities affecting netgear/prosafe_network_management_system.

Total CVEs: 25
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 21

Vulnerabilities

Page 1 of 2
CVE-2024-6814 | HIGH | CVSS 8.8 | v1.7.0.34 | v1.7.0.34 x64 | 2024-08-21
CVE-2024-6814 [HIGH] CWE-89: NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getFilterSt
Sources: cvelistv5, nvd
CVE-2024-6813 | HIGH | CVSS 8.8 | v1.7.0.34 | v1.7.0.34 x64 | 2024-08-21
CVE-2024-6813 [HIGH] CWE-89: NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSortString
Sources: cvelistv5, nvd
CVE-2024-5505 | HIGH | CVSS 8.8 | fixed in 1.7.0.37 | v1.7.0.34 x64 | 2024-06-06
CVE-2024-5505 [HIGH] CWE-22: NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpLoadS
Sources: cvelistv5, nvd
CVE-2024-5247 | HIGH | CVSS 8.8 | fixed in 1.7.0.37 | v1.7.0.34 x64 | 2024-05-23
CVE-2024-5247 [HIGH] CWE-434: NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the U
Sources: cvelistv5, nvd
CVE-2024-5246 | HIGH | CVSS 8.8 | v1.7.0.34 x64 | 2024-05-23
CVE-2024-5246 [HIGH] CWE-1395: NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue res
Sources: cvelistv5, nvd
CVE-2024-5245 | HIGH | CVSS 7.8 | fixed in 1.7.0.37 | v1.7.0.34 x64 | 2024-05-23
CVE-2024-5245 [HIGH] CWE-1392: NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit
Sources: cvelistv5, nvd
CVE-2023-38096 | CRITICAL | CVSS 9.8 | fixed in 1.7.0.20 | v1.7.0.12 (Win64) | 2024-05-03
CVE-2023-38096 [CRITICAL] CWE-287: NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerIn
Sources: cvelistv5, nvd
CVE-2023-50231 | CRITICAL | CVSS 9.6 | fixed in 1.7.0.31 | v1.7.0.26 x64 | 2024-05-03
CVE-2023-50231 [CRITICAL] CWE-79: NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists withi
Sources: cvelistv5, nvd
CVE-2023-44449 | HIGH | CVSS 8.8 | fixed in 1.7.0.31 | v1.7.0.26 x64 | 2024-05-03
CVE-2023-44449 [HIGH] CWE-89: NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the clearAlertByI
Sources: cvelistv5, nvd
CVE-2023-38097 | HIGH | CVSS 8.8 | fixed in 1.7.0.20 | v1.7.0.12 (Win64) | 2024-05-03
CVE-2023-38097 [HIGH] CWE-749: NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authenti
Sources: cvelistv5, nvd
CVE-2023-44450 | HIGH | CVSS 8.8 | fixed in 1.7.0.31 | v1.7.0.26 x64 | 2024-05-03
CVE-2023-44450 [HIGH] CWE-89: NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within t
Sources: cvelistv5, nvd
CVE-2023-38102 | HIGH | CVSS 8.8 | fixed in 1.7.0.20 | v1.7.0.12 (Win64) | 2024-05-03
CVE-2023-38102 [HIGH] CWE-862: NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism
Sources: cvelistv5, nvd
CVE-2023-38095 | HIGH | CVSS 8.8 | fixed in 1.7.0.20 | v1.7.0.12 (Win64) | 2024-05-03
CVE-2023-38095 [HIGH] CWE-434: NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authen
Sources: cvelistv5, nvd
CVE-2023-38101 | HIGH | CVSS 8.8 | fixed in 1.7.0.20 | v1.7.0.12 (Win64) | 2024-05-03
CVE-2023-38101 [HIGH] CWE-749: NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing aut
Sources: cvelistv5, nvd
CVE-2023-38099 | HIGH | CVSS 8.8 | fixed in 1.7.0.20 | v1.7.0.12 (Win64) | 2024-05-03
CVE-2023-38099 [HIGH] CWE-89: NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authenticati
Sources: cvelistv5, nvd
CVE-2023-38100 | HIGH | CVSS 8.8 | fixed in 1.7.0.20 | v1.7.0.12 (Win64) | 2024-05-03
CVE-2023-38100 [HIGH] CWE-89: NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can
Sources: cvelistv5, nvd
CVE-2023-41182 | HIGH | CVSS 8.8 | fixed in 1.7.0.20 | v1.7.0.12 (Win64) | 2024-05-03
CVE-2023-41182 [HIGH] CWE-22: NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism
Sources: cvelistv5, nvd
CVE-2023-38098 | HIGH | CVSS 8.8 | fixed in 1.7.0.20 | v1.7.0.12 (Win64) | 2024-05-03
CVE-2023-38098 [HIGH] CWE-434: NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication
Sources: cvelistv5, nvd
CVE-2023-49693 | CRITICAL | CVSS 9.8 | fixed in 1.7.0.34 | 2023-11-29
CVE-2023-49693 [CRITICAL] CWE-306: NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port 11611 and it is remotely accessible by unauthenticated users, allowing attackers to execute arbitrary code.
Source: nvd
CVE-2023-49694 | HIGH | CVSS 7.8 | fixed in 1.7.0.31 | 2023-11-29
CVE-2023-49694 [HIGH] CWE-284: A low-privileged OS user with access to a Windows host where NETGEAR ProSAFE Network Management System is installed can create arbitrary JSP files in a Tomcat web application directory. The user can then execute the JSP files under the security context of SYSTEM.
Source: nvd