Vulnerabilidade de Execução Remota de Código por Traversal de Diretório no UpLoadServlet do NETGEAR ProSAFE Network Management System

The primary impact of CVE-2024-5505 is the ability for an authenticated attacker to execute arbitrary code on the affected NETGEAR ProSAFE Network Management System. This means an attacker could gain full control of the device, potentially accessing sensitive network configurations, user credentials, and other data. Successful exploitation could allow for lateral movement within the network, enabling the attacker to compromise other connected devices. The SYSTEM context under which the code executes grants a high level of privilege, maximizing the potential damage. This vulnerability shares similarities with other file upload vulnerabilities where insufficient path validation allows for traversal and code execution.

Organizations using NETGEAR ProSAFE Network Management System in environments with limited network segmentation are particularly at risk. Those with legacy configurations or weak authentication practices are also more vulnerable. Shared hosting environments where multiple users share the same ProSAFE device should be considered high-priority targets.

• linux / server: Monitor system logs (journalctl) for unusual file upload activity or errors related to the UpLoadServlet. Look for attempts to access files outside of the intended upload directory.

journalctl -u prosafe -f | grep -i "uploadservlet"

• generic web: Use curl or wget to test the upload endpoint with a path traversal payload (e.g., ../../../../etc/passwd). Examine the response headers and content for any signs of unauthorized file access.

curl -X POST -F "file=../../../../etc/passwd" http://<prosafe_ip>/uploadservlet

• netgear: Review the ProSAFE Network Management System configuration for any unusual or unauthorized user accounts. Check for suspicious scheduled tasks or processes that might be related to exploitation.

1. 2024-06-06Disclosure

   disclosure

1. Reservado2024-05-29
2. Publicada2024-06-06
3. Modificada2024-08-01
4. EPSS atualizado2026-04-02

While a direct patch is pending, several mitigation steps can reduce the risk. First, restrict network access to the NETGEAR ProSAFE Network Management System to only trusted sources. Implement strict firewall rules to limit inbound connections. Monitor file uploads closely, looking for suspicious filenames or extensions. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests. If possible, temporarily disable the UpLoadServlet functionality. After a fix is released, upgrade to the patched version immediately and verify the fix by attempting a file upload with a known malicious path to ensure it is blocked.