CVE-2023-24498 - Vulnerability Details - OpenCVE

Description

An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.

Published: 2023-02-15

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Netgear

ProSAFE 24 Port 10/100 FS726TP

affected

Version	Status	Constraints
`.`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:netgear:prosafe_fs726tp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netgear:prosafe_fs726tp:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

The FS726TP switch is End of Life. Users should consider upgrading to a modern switch.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-28516	An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0021.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

No history.

Subscriptions

Netgear Prosafe Fs726tp Prosafe Fs726tp Firmware

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2023-02-15T00:00:00.000Z

Updated: 2025-03-18T15:47:36.542Z

Reserved: 2023-01-24T00:00:00.000Z

Link: CVE-2023-24498

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-15T19:15:13.280

Modified: 2024-11-21T07:47:59.617

Link: CVE-2023-24498

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-522

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24498", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "dateUpdated": "2025-03-18T15:47:36.542Z", "dateReserved": "2023-01-24T00:00:00.000Z", "datePublished": "2023-02-15T00:00:00.000Z"}, "containers": {"cna": {"title": "Netgear ProSAFE 24 Port 10/100 FS726TP - CWE-522: Insufficiently Protected Credentials.", "datePublic": "2023-02-15T00:00:00.000Z", "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2023-02-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text."}], "affected": [{"vendor": "Netgear", "product": "ProSAFE 24 Port 10/100 FS726TP", "versions": [{"version": ".", "status": "affected"}]}], "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "credits": [{"lang": "en", "value": "MetaData"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-522 Insufficiently Protected Credentials", "cweId": "CWE-522"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["ILVN-2023-0085"], "discovery": "UNKNOWN"}, "solutions": [{"lang": "en", "value": "The FS726TP switch is End of Life. Users should consider upgrading to a modern switch."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:56:04.232Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-18T15:47:29.847281Z", "id": "CVE-2023-24498", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T15:47:36.542Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:prosafe_fs726tp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "032C8A6E-66C2-4FDE-8244-4327283FB50F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:prosafe_fs726tp:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0BABC99-6920-4EF9-B296-E643C53AE7AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text."}], "id": "CVE-2023-24498", "lastModified": "2024-11-21T07:47:59.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@cyber.gov.il", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-15T19:15:13.280", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "cna@cyber.gov.il", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}