CVE-2023-38096— NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-38096
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19718.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
NETGEAR ProSAFE 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NETGEAR ProSAFE是美国网件(NETGEAR)公司的一个网络管理系统。 NETGEAR ProSAFE 存在安全漏洞,该漏洞源于MFileUploadController类存在文件上传漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| NETGEAR | ProSAFE Network Management System | 1.7.0.12 (Win64) | - |
II. Public POCs for CVE-2023-38096
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-38096
请登录查看更多情报信息。
Same Patch Batch · NETGEAR · 2024-05-03 · 31 CVEs total
| CVE-2023-40479 | NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability | |
| CVE-2023-34283 | NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability | |
| CVE-2023-34285 | NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulner | |
| CVE-2023-34284 | NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability | |
| CVE-2023-50231 | NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Esc | |
| CVE-2023-27358 | NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability | |
| CVE-2023-27368 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability | |
| CVE-2023-27360 | NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability | |
| CVE-2023-27357 | NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability | |
| CVE-2023-27361 | NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulne | |
| CVE-2023-27356 | NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability | |
| CVE-2023-27369 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerabilit | |
| CVE-2023-27370 | NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability | |
| CVE-2023-27367 | NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability | |
| CVE-2023-40478 | NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerab | |
| CVE-2023-35721 | NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution V | |
| CVE-2023-40480 | NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability | |
| CVE-2023-44449 | NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalati | |
| CVE-2023-44450 | NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote | |
| CVE-2023-44445 | NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability |
Showing top 20 of 31 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: ProSAFE Network Management System
- CVE-2024-6814
NETGEAR ProSAFE Network Management System getFilterString SQ - CVE-2024-6813
NETGEAR ProSAFE Network Management System getSortString SQL - CVE-2024-5505
NETGEAR ProSAFE Network Management System UpLoadServlet Dire - CVE-2024-5247
NETGEAR ProSAFE Network Management System UpLoadServlet Unre - CVE-2024-5246
NETGEAR ProSAFE Network Management System Tomcat Remote Code
Same vendor: NETGEAR
- CVE-2026-24714
NETGEAR PR2000 安全漏洞 - CVE-2026-0404
Insufficient input validation in NETGEAR Orbi routers - CVE-2026-0408
Path traversal vulnerability in Netgear WiFi Range Extenders - CVE-2026-0407
Authentication bypass in NETGEAR WiFi Range Extenders via ne - CVE-2026-0406
Insufficient input validation in NETGEAR Nighthawk router XR
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2023-38096
No comments yet