CVE-2024-5245

EPSS 0.13%
Veröffentlicht 23.05.2024 22:15:13
Zuletzt bearbeitet 11.02.2025 17:29:53
Quelle zdi-disclosures@trendmicro.com
Teams Watchlist Login
Unerledigt Login

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Prosafe Network Management System Version < 1.7.0.37

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.327

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
zdi-disclosures@trendmicro.com	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-24-496/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-5245

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-5245

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-5245

EUVD