Netgear ProSAFE Network Management System SettingConfigController routine
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.1 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as very critical has been found in Netgear ProSAFE Network Management System. This vulnerability affects the function SettingConfigController. Executing a manipulation can lead to an unknown weakness.
This vulnerability is registered as CVE-2023-38101. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
Details
A vulnerability was found in Netgear ProSAFE Network Management System (the affected version unknown). It has been declared as very critical. The CWE definition for the vulnerability is CWE-749. The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
NETGEAR ProSAFE Network Management System SettingConfigController Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the SettingConfigController class. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. . Was ZDI-CAN-19725.
The weakness was published 07/14/2023. The advisory is shared for download at zerodayinitiative.com. This vulnerability was named CVE-2023-38101 since 07/12/2023. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 02/07/2025).
Upgrading eliminates this vulnerability.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
License
Website
- Vendor: https://www.netgear.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 8.3VulDB Meta Temp Score: 8.1
VulDB Base Score: 8.8
VulDB Temp Score: 8.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 8.8
NVD Vector: 🔍
CNA Base Score: 7.2
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: RoutineCWE: CWE-749
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
07/12/2023 🔍07/14/2023 🔍
07/14/2023 🔍
02/07/2025 🔍
Sources
Vendor: netgear.comAdvisory: zerodayinitiative.com
Status: Confirmed
CVE: CVE-2023-38101 (🔍)
GCVE (CVE): GCVE-0-2023-38101
GCVE (VulDB): GCVE-100-234160
Entry
Created: 07/14/2023 08:22Updated: 02/07/2025 05:52
Changes: 07/14/2023 08:22 (35), 09/19/2024 10:59 (29), 02/07/2025 05:52 (11)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.