CVE-2023-38098 : NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.

Published 2024-05-03 01:59:01

Updated 2025-02-06 18:01:43

Source Zero Day Initiative

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-38098

Netgear » Prosafe Network Management System
Versions before (<) 1.7.0.20
cpe:2.3:a:netgear:prosafe_network_management_system:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-38098

EPSS FAQ

75.91%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2023-38098

NETGEAR ProSafe Network Management System 300 Arbitrary File Upload

Disclosure Date: 2016-02-04

First seen: 2020-04-26

exploit/windows/http/netgear_nms_rce

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has multiple vulnerabilities that can allow an unauthenticated remote attacker to execute code as SYSTEM user. Vulnerabilities include authentication bypass,

More information

CVSS scores for CVE-2023-38098

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	Zero Day Initiative	2024-05-03
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2025-02-06
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-38098

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: zdi-disclosures@trendmicro.com (Secondary)

References for CVE-2023-38098

https://www.zerodayinitiative.com/advisories/ZDI-23-918/

ZDI-23-918 | Zero Day Initiative
Third Party Advisory
https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025

Security Advisory for Multiple Vulnerabilities on the ProSAFE® Network Management System, PSV-2023-0024 & PSV-2023-0025 - NETGEAR Support
Vendor Advisory

CVEs referencing this url

Jump to