cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-6814,https://securityvulnerability.io/vulnerability/CVE-2024-6814,SQL Injection Vulnerability in NETGEAR ProSAFE Network Management System,"The vulnerability involves a flaw in the getFilterString method of the NETGEAR ProSAFE Network Management System, which fails to properly validate user-supplied input before using it in SQL queries. This allows remote attackers to execute arbitrary code on affected systems, provided they can authenticate. Successful exploitation could result in complete control over the system, escalating risks for data integrity and security. This issue has been identified as ZDI-CAN-23399, with additional details available from NETGEAR.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-08-21T16:15:00.000Z,0
CVE-2024-6813,https://securityvulnerability.io/vulnerability/CVE-2024-6813,SQL Injection Vulnerability in NETGEAR ProSAFE Network Management System,"The vulnerability within the NETGEAR ProSAFE Network Management System arises from inadequate validation of a user-supplied string in the getSortString method, leading to SQL Injection. This flaw permits remote attackers with necessary authentication to manipulate SQL queries, enabling them to execute arbitrary code with SYSTEM privileges. Organizations utilizing affected versions of the system are urged to apply available security updates to mitigate this risk. For further details, review the applicable security advisories.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-08-21T16:15:00.000Z,0
CVE-2024-5505,https://securityvulnerability.io/vulnerability/CVE-2024-5505,Remote Code Execution Vulnerability in NETGEAR ProSAFE Network Management System,"The NETGEAR ProSAFE Network Management System suffers from a significant vulnerability in the UpLoadServlet class, which fails to properly validate user-supplied paths prior to file operations. This oversight allows attackers with authenticated access to exploit the flaw, enabling them to execute arbitrary code with SYSTEM privileges. Effective remediation involves patching affected versions and enforcing strict access controls.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0018500000005587935,false,,false,false,false,,,false,false,,2024-06-06T17:49:15.113Z,0
CVE-2023-50231,https://securityvulnerability.io/vulnerability/CVE-2023-50231,NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability,"The vulnerability resides in the saveNodeLabel method of the NETGEAR ProSAFE Network Management System, which lacks adequate validation of user-supplied data. This flaw permits an intervention from remote attackers allowing them to inject arbitrary scripts. The exploitation of this vulnerability can lead to unauthorized privilege escalation, granting attackers access to sensitive resources typically shielded from standard user access. A minimal level of user interaction is needed for attackers to exploit this defect, emphasizing the importance of prompt security measures.",Netgear,Prosafe Network Management System,8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T03:16:00.000Z,0
CVE-2023-44450,https://securityvulnerability.io/vulnerability/CVE-2023-44450,Remote Code Execution Vulnerability in NETGEAR ProSAFE Network Management System,"The NETGEAR ProSAFE Network Management System is susceptible to an SQL injection vulnerability that permits remote attackers to execute arbitrary code. The flaw specifically resides in the getNodesByTopologyMapSearch function, which fails to adequately validate user-provided strings before integrating them into SQL queries. This oversight allows attackers, once authenticated, to manipulate database queries and execute commands with SYSTEM privileges. Proper security measures and patching are crucial to mitigate the risks associated with this vulnerability.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T02:14:11.766Z,0
CVE-2023-44449,https://securityvulnerability.io/vulnerability/CVE-2023-44449,Remote Privilege Escalation Vulnerability in NETGEAR ProSAFE Network Management System,"The ProSAFE Network Management System from NETGEAR contains a vulnerability in its clearAlertByIds function, where insufficient validation of a user-supplied string allows an attacker to construct malicious SQL queries. This weakness enables an authenticated attacker to escalate privileges, gaining access to resources that are typically restricted. Proper string validation is essential to mitigate such risks and protect sensitive data from unauthorized access.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T02:14:11.010Z,0
CVE-2023-41182,https://securityvulnerability.io/vulnerability/CVE-2023-41182,NETGEAR ProSAFE Network Management System ZipUtils Directory Traversal Remote Code Execution Vulnerability,"The vulnerability in NETGEAR ProSAFE Network Management System arises from a flaw in the ZipUtils class, where it inadequately validates user-supplied paths during file operations. This oversight makes it possible for remote attackers, even with authentication, to bypass security mechanisms and execute arbitrary code with SYSTEM privileges. Proper safeguards are essential to mitigate potential risks associated with this vulnerability, as it could lead to significant compromises in secure network management.",Netgear,Prosafe Network Management System,7.2,HIGH,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-05-03T02:11:43.770Z,0
CVE-2023-38102,https://securityvulnerability.io/vulnerability/CVE-2023-38102,NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability,"A privilege escalation vulnerability exists in the NETGEAR ProSAFE Network Management System, specifically within the createUser function. Due to insufficient authorization checks, an attacker may exploit this vulnerability to obtain elevated privileges. This allows unauthorized users to access resources and functionalities that should be restricted. While authentication is required to access the system, the vulnerability enables the bypassing of the existing authentication mechanism, posing a significant risk to security.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:59:03.692Z,0
CVE-2023-38101,https://securityvulnerability.io/vulnerability/CVE-2023-38101,NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability,"The vulnerability within the NETGEAR ProSAFE Network Management System's SettingConfigController allows remote attackers to execute arbitrary code due to an exposed dangerous function. Although exploitation requires authentication, the vulnerability enables attackers to bypass the existing authentication mechanisms. This flaw allows code execution in the context of SYSTEM, potentially leading to severe security implications for affected installations. Organizations using this management system should review the advisory for mitigations and updates to address this significant security concern.",Netgear,Prosafe Network Management System,7.2,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:59:02.918Z,0
CVE-2023-38100,https://securityvulnerability.io/vulnerability/CVE-2023-38100,NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability,"The NETGEAR ProSAFE Network Management System is impacted by a vulnerability that allows remote attackers to escalate privileges due to improper validation of user input in the clearAlertByIds function. This flaw enables attackers to construct SQL queries that could grant them access to resources they should not be able to control. Although the exploit requires authentication, it allows attackers to bypass existing authentication mechanisms, posing a significant security threat to networks utilizing this system. Organizations are advised to assess their systems for this vulnerability and apply available patches or mitigations.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:59:02.233Z,0
CVE-2023-38099,https://securityvulnerability.io/vulnerability/CVE-2023-38099,NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote Code Execution Vulnerability,"A critical SQL injection vulnerability has been identified in the getNodesByTopologyMapSearch function of the NETGEAR ProSAFE Network Management System. The flaw originates from insufficient validation of user-supplied input used in SQL query construction, enabling remote attackers to exploit it to execute arbitrary code on compromised installations. Although the vulnerability requires user authentication, the existing authentication mechanism is susceptible to bypass, allowing unauthorized access. Successful exploitation can lead to executing commands in the context of the SYSTEM user, posing significant risks to sensitive data and system integrity.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:59:01.440Z,0
CVE-2023-38098,https://securityvulnerability.io/vulnerability/CVE-2023-38098,NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability,"The vulnerability in the NETGEAR ProSAFE Network Management System arises from an insecure implementation in the UpLoadServlet class, where insufficient validation of user-supplied data allows malicious actors to upload arbitrary files. Despite requiring authentication, the current mechanism is flawed, enabling attackers to bypass it and execute arbitrary code within the SYSTEM context. This poses a significant security risk, as successful exploitation can lead to severe consequences for affected installations, compromising sensitive data and system integrity.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:59:00.556Z,0
CVE-2023-38097,https://securityvulnerability.io/vulnerability/CVE-2023-38097,NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability,"A vulnerability within the NETGEAR ProSAFE Network Management System allows remote attackers to execute arbitrary code due to an exposed dangerous function in the BkreProcessThread class. Although the exploitation requires authentication, the authentication mechanism has a significant weakness that enables attackers to bypass this requirement. Successful exploitation of this flaw permits attackers to execute code with SYSTEM privileges, severely compromising the integrity and security of affected installations.",Netgear,Prosafe Network Management System,7.2,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:58:59.798Z,0
CVE-2023-38096,https://securityvulnerability.io/vulnerability/CVE-2023-38096,NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability,"A vulnerability within the MyHandlerInterceptor class of the NETGEAR ProSAFE Network Management System facilitates authentication bypass. This flaw allows remote attackers to exploit the system without requiring any form of authentication, undermining the security posture of the system. Proper implementation measures are essential to mitigate the risk associated with this vulnerability and safeguard against potential unauthorized access.",Netgear,Prosafe Network Management System,9.8,CRITICAL,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-05-03T01:58:59.063Z,0
CVE-2023-38095,https://securityvulnerability.io/vulnerability/CVE-2023-38095,NETGEAR ProSAFE Network Management System MFileUploadController Unrestricted File Upload Remote Code Execution Vulnerability,"A vulnerability exists in the MFileUploadController class of NETGEAR ProSAFE Network Management System that enables remote attackers to execute arbitrary code. This security flaw stems from inadequate validation of user-supplied data, facilitating the upload of potentially harmful files. Although exploitation of this vulnerability requires user authentication, the current mechanism can be bypassed, allowing adversaries to gain unauthorized access. The impact of this vulnerability enables attackers to run code with SYSTEM privileges, heightening the risk of significant security breaches across affected installations.",Netgear,Prosafe Network Management System,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-05-03T01:58:58.287Z,0
CVE-2023-49693,https://securityvulnerability.io/vulnerability/CVE-2023-49693,NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol,"The NETGEAR ProSAFE Network Management System is exposed to a vulnerability due to the Java Debug Wire Protocol (JDWP) being accessible on port 11611 without authentication. This flaw permits attackers to remotely execute arbitrary code, which can lead to unauthorized control over the system and compromise sensitive information. Organizations using this system should take immediate action to mitigate this risk.",NETGEAR,NETGEAR ProSAFE Network Management System,9.8,CRITICAL,0.003169999923557043,false,,false,false,false,,,false,false,,2023-11-29T23:15:00.000Z,0
CVE-2023-49694,https://securityvulnerability.io/vulnerability/CVE-2023-49694,NETGEAR ProSAFE Network Management System Privilege Escalation Via MySQL Server,"A vulnerability exists in the NETGEAR ProSAFE Network Management System, where a low-privileged OS user can gain unauthorized access and create arbitrary JSP files within the Tomcat web application directory. This allows the malicious user to execute these JSP files with the security privileges of the SYSTEM account, potentially leading to further exploitation of the system.",NETGEAR,NETGEAR ProSAFE Network Management System,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-11-29T23:15:00.000Z,0
CVE-2021-27276,https://securityvulnerability.io/vulnerability/CVE-2021-27276,,"This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the MibController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12122.",Netgear,Prosafe Network Management System,7.1,HIGH,0.009139999747276306,false,,false,false,false,,,false,false,,2021-03-29T20:55:25.000Z,0
CVE-2021-27275,https://securityvulnerability.io/vulnerability/CVE-2021-27275,,"This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ConfigFileController class. When parsing the realName parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose sensitive information or to create a denial-of-service condition on the system. Was ZDI-CAN-12125.",Netgear,Prosafe Network Management System,8.3,HIGH,0.010590000078082085,false,,false,false,false,,,false,false,,2021-03-29T20:55:24.000Z,0
CVE-2021-27273,https://securityvulnerability.io/vulnerability/CVE-2021-27273,,"This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. When parsing the fileName parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12121.",Netgear,Prosafe Network Management System,8.8,HIGH,0.04134000092744827,false,,false,false,false,,,false,false,,2021-03-29T20:55:23.000Z,0
CVE-2021-27274,https://securityvulnerability.io/vulnerability/CVE-2021-27274,,This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MFileUploadController class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12124.,Netgear,Prosafe Network Management System,9.8,CRITICAL,0.0356299988925457,false,,false,false,false,,,false,false,,2021-03-29T20:55:23.000Z,0
CVE-2021-27272,https://securityvulnerability.io/vulnerability/CVE-2021-27272,,"This vulnerability allows remote attackers to delete arbitrary files on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ReportTemplateController class. When parsing the path parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-12123.",Netgear,Prosafe Network Management System,7.1,HIGH,0.009139999747276306,false,,false,false,false,,,false,false,,2021-03-29T20:55:22.000Z,0