NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability

The impact of CVE-2024-5505 is significant due to its RCE nature. A successful exploit allows an attacker to gain complete control over the affected NETGEAR ProSAFE Network Management System. This could lead to data breaches, system compromise, and potential lateral movement within the network. The attacker, requiring authentication, could install malware, steal sensitive configuration data, or disrupt network services. The ability to execute code as SYSTEM elevates the risk considerably, potentially allowing the attacker to compromise other systems accessible from the management system.

Organizations using NETGEAR ProSAFE Network Management System in environments with limited network segmentation are particularly at risk. Those with legacy configurations or weak authentication practices are also more vulnerable. Shared hosting environments where multiple users share the same ProSAFE device should be considered high-priority targets.

• linux / server: Monitor system logs (journalctl) for unusual file upload activity or errors related to the UpLoadServlet. Look for attempts to access files outside of the intended upload directory.

journalctl -u prosafe -f | grep -i "uploadservlet"

• generic web: Use curl or wget to test the upload endpoint with a path traversal payload (e.g., ../../../../etc/passwd). Examine the response headers and content for any signs of unauthorized file access.

curl -X POST -F "file=../../../../etc/passwd" http://<prosafe_ip>/uploadservlet

• netgear: Review the ProSAFE Network Management System configuration for any unusual or unauthorized user accounts. Check for suspicious scheduled tasks or processes that might be related to exploitation.

1. 2024-06-06Disclosure

   disclosure

1. Reserviert2024-05-29
2. Veröffentlicht2024-06-06
3. Geändert2024-08-01
4. EPSS aktualisiert2026-04-02

The primary mitigation for CVE-2024-5505 is to upgrade to a patched version of the NETGEAR ProSAFE Network Management System as soon as it becomes available. Until the upgrade can be performed, consider implementing stricter authentication controls and limiting access to the UpLoadServlet functionality. Web Application Firewalls (WAFs) configured to detect and block directory traversal attempts can provide an additional layer of defense. Monitor system logs for suspicious activity related to file uploads and unusual process executions. After upgrade, confirm the vulnerability is resolved by attempting a controlled directory traversal request and verifying it is blocked.