Platform
netgear
Component
netgear-prosafe-network-management-system
Fixed in
1.7.1
CVE-2024-5505 is a Remote Code Execution (RCE) vulnerability affecting the NETGEAR ProSAFE Network Management System. This flaw allows authenticated attackers to execute arbitrary code on vulnerable systems, potentially leading to complete system compromise. The vulnerability impacts versions 1.7.0.34–1.7.0.34 x64. A fix is pending from NETGEAR.
The primary impact of CVE-2024-5505 is the ability for an authenticated attacker to execute arbitrary code on the affected NETGEAR ProSAFE Network Management System. This means an attacker could gain full control of the device, potentially accessing sensitive network configurations, user credentials, and other data. Successful exploitation could allow for lateral movement within the network, enabling the attacker to compromise other connected devices. The SYSTEM context under which the code executes grants a high level of privilege, maximizing the potential damage. This vulnerability shares similarities with other file upload vulnerabilities where insufficient path validation allows for traversal and code execution.
CVE-2024-5505 was reported to ZDI (ZDI-CAN-22724) and subsequently disclosed publicly on 2024-06-06. The vulnerability's CVSS score of 8.8 (HIGH) indicates a significant risk. Currently, there are no publicly available exploits, but the ease of exploitation (requiring only authentication) suggests a medium probability of exploitation. It is not currently listed on CISA KEV, but this could change. Monitor security advisories from NETGEAR and security news sources for updates.
Exploit Status
EPSS
76.00% (99% percentile)
CISA SSVC
CVSS Vector
While a direct patch is pending, several mitigation steps can reduce the risk. First, restrict network access to the NETGEAR ProSAFE Network Management System to only trusted sources. Implement strict firewall rules to limit inbound connections. Monitor file uploads closely, looking for suspicious filenames or extensions. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests. If possible, temporarily disable the UpLoadServlet functionality. After a fix is released, upgrade to the patched version immediately and verify the fix by attempting a file upload with a known malicious path to ensure it is blocked.
Update the NETGEAR ProSAFE Network Management System to a version that is not vulnerable. Refer to the vendor's website for the latest version and update instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-5505 is a Remote Code Execution vulnerability in NETGEAR ProSAFE Network Management System versions 1.7.0.34–1.7.0.34 x64, allowing authenticated attackers to execute arbitrary code.
If you are running NETGEAR ProSAFE Network Management System version 1.7.0.34–1.7.0.34 x64, you are potentially affected by this vulnerability.
Upgrade to the patched version when available from NETGEAR. Until then, implement mitigation steps like restricting network access and monitoring file uploads.
While no public exploits are currently available, the vulnerability's ease of exploitation suggests a medium probability of exploitation. Monitor security advisories for updates.
Refer to the NETGEAR security advisory page for the latest information and updates regarding CVE-2024-5505.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.