NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.
The specific flaw exists within the getSortString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-23207.
Metrics
Affected Vendors & Products
References
History
Tue, 27 Aug 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Netgear prosafe Network Management System
|
|
CPEs | cpe:2.3:a:netgear:prosafe_network_management_system:1.7.0.34:*:*:*:*:*:x64:* | |
Vendors & Products |
Netgear prosafe Network Management System
|
|
Metrics |
cvssV3_1
|
Wed, 21 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Netgear
Netgear nms300 Firmware |
|
CPEs | cpe:2.3:o:netgear:nms300_firmware:*:*:*:*:*:*:*:* | |
Vendors & Products |
Netgear
Netgear nms300 Firmware |
|
Metrics |
ssvc
|
Wed, 21 Aug 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSortString method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-23207. | |
Title | NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability | |
Weaknesses | CWE-89 | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: zdi
Published: 2024-08-21T16:09:01.959Z
Updated: 2024-08-21T17:55:49.404Z
Reserved: 2024-07-16T21:14:06.386Z
Link: CVE-2024-6813
Vulnrichment
Updated: 2024-08-21T17:55:44.493Z
NVD
Status : Analyzed
Published: 2024-08-21T16:15:09.163
Modified: 2024-08-27T15:01:38.630
Link: CVE-2024-6813
Redhat
No data.