CVE-2023-24498 - Vulnerability Details - OpenCVE

An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00074.

Key SSVC decision points have not yet been added.

Vendors	Products
Netgear	Prosafe Fs726tp Prosafe Fs726tp Firmware

Configuration 1 [-]

AND

cpe:2.3:o:netgear:prosafe_fs726tp_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netgear:prosafe_fs726tp:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-28516	An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text.

Fixes

Solution

The FS726TP switch is End of Life. Users should consider upgrading to a modern switch.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2023-02-15T00:00:00.000Z

Updated: 2025-03-18T15:47:36.542Z

Reserved: 2023-01-24T00:00:00.000Z

Link: CVE-2023-24498

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-15T19:15:13.280

Modified: 2024-11-21T07:47:59.617

Link: CVE-2023-24498

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-24498", "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "dateUpdated": "2025-03-18T15:47:36.542Z", "dateReserved": "2023-01-24T00:00:00.000Z", "datePublished": "2023-02-15T00:00:00.000Z"}, "containers": {"cna": {"title": "Netgear ProSAFE 24 Port 10/100 FS726TP - CWE-522: Insufficiently Protected Credentials.", "datePublic": "2023-02-15T00:00:00.000Z", "providerMetadata": {"orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD", "dateUpdated": "2023-02-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text."}], "affected": [{"vendor": "Netgear", "product": "ProSAFE 24 Port 10/100 FS726TP", "versions": [{"version": ".", "status": "affected"}]}], "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "credits": [{"lang": "en", "value": "MetaData"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-522 Insufficiently Protected Credentials", "cweId": "CWE-522"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"defect": ["ILVN-2023-0085"], "discovery": "UNKNOWN"}, "solutions": [{"lang": "en", "value": "The FS726TP switch is End of Life. Users should consider upgrading to a modern switch."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:56:04.232Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-18T15:47:29.847281Z", "id": "CVE-2023-24498", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-18T15:47:36.542Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netgear:prosafe_fs726tp_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "032C8A6E-66C2-4FDE-8244-4327283FB50F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netgear:prosafe_fs726tp:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0BABC99-6920-4EF9-B296-E643C53AE7AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text."}], "id": "CVE-2023-24498", "lastModified": "2024-11-21T07:47:59.617", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@cyber.gov.il", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-15T19:15:13.280", "references": [{"source": "cna@cyber.gov.il", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "sourceIdentifier": "cna@cyber.gov.il", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "cna@cyber.gov.il", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}