CVE-2023-44449— NETGEAR ProSAFE 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2023-44449の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
NETGEAR ProSAFE Network Management System clearAlertByIds SQL Injection Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the clearAlertByIds function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21875.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
NETGEAR ProSAFE 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
NETGEAR ProSAFE是美国网件(NETGEAR)公司的一个网络管理系统。 NETGEAR ProSAFE 存在安全漏洞,该漏洞源于clearAlertByIds函数存在SQL注入漏洞。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| NETGEAR | ProSAFE Network Management System | 1.7.0.26 x64 | - |
II. CVE-2023-44449の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2023-44449のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · NETGEAR · 2024-05-03 · 31 CVEs total
| CVE-2023-40479 | NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability | |
| CVE-2023-34283 | NETGEAR RAX30 USB Share Link Following Information Disclosure Vulnerability | |
| CVE-2023-34285 | NETGEAR RAX30 cmsCli_authenticate Stack-based Buffer Overflow Remote Code Execution Vulner | |
| CVE-2023-34284 | NETGEAR RAX30 Use of Hard-coded Credentials Authentication Bypass Vulnerability | |
| CVE-2023-50231 | NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Esc | |
| CVE-2023-27358 | NETGEAR RAX30 SOAP Request SQL Injection Remote Code Execution Vulnerability | |
| CVE-2023-27368 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerability | |
| CVE-2023-27360 | NETGEAR RAX30 lighttpd Misconfiguration Remote Code Execution Vulnerability | |
| CVE-2023-27357 | NETGEAR RAX30 GetInfo Missing Authentication Information Disclosure Vulnerability | |
| CVE-2023-27361 | NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulne | |
| CVE-2023-27356 | NETGEAR RAX30 logCtrl Command Injection Remote Code Execution Vulnerability | |
| CVE-2023-27369 | NETGEAR RAX30 soap_serverd Stack-based Buffer Overflow Authentication Bypass Vulnerabilit | |
| CVE-2023-27370 | NETGEAR RAX30 Device Configuration Cleartext Storage Information Disclosure Vulnerability | |
| CVE-2023-27367 | NETGEAR RAX30 libcms_cli Command Injection Remote Code Execution Vulnerability | |
| CVE-2023-40478 | NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerab | |
| CVE-2023-35721 | NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution V | |
| CVE-2023-40480 | NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability | |
| CVE-2023-44450 | NETGEAR ProSAFE Network Management System getNodesByTopologyMapSearch SQL Injection Remote | |
| CVE-2023-44445 | NETGEAR CAX30 SSO Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| CVE-2023-38102 | NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escal |
Showing 20 of 31 CVEs. View all on vendor page →
IV. 関連脆弱性
- CVE-2024-6814
NETGEAR ProSAFE Network Management System getFilterString SQ - CVE-2024-6813
NETGEAR ProSAFE Network Management System getSortString SQL - CVE-2024-5505
NETGEAR ProSAFE Network Management System UpLoadServlet Dire - CVE-2024-5247
NETGEAR ProSAFE Network Management System UpLoadServlet Unre - CVE-2024-5246
NETGEAR ProSAFE Network Management System Tomcat Remote Code
同じベンダー: NETGEAR
- CVE-2026-24714
NETGEAR PR2000 安全漏洞 - CVE-2026-0404
Insufficient input validation in NETGEAR Orbi routers - CVE-2026-0408
Path traversal vulnerability in Netgear WiFi Range Extenders - CVE-2026-0407
Authentication bypass in NETGEAR WiFi Range Extenders via ne - CVE-2026-0406
Insufficient input validation in NETGEAR Nighthawk router XR
同じ弱点: CWE-89
- CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss - CVE-2021-47930
Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthentic - CVE-2021-47928
Opencart TMD Vendor System 3.x Blind SQL Injection via produ - CVE-2026-8231
CodeAstro Online Catering Ordering System deleteorder.php sq - CVE-2025-14179
SQL injection in pdo_firebird via NUL bytes in quoted string
V. CVE-2023-44449へのコメント
まだコメントはありません