CVE-2024-5247 - Critical Vulnerability in NETGEAR ProSAFE Network Management System Allowing Remote Code Execution Through UpLoadServlet Unrestricted File Upload

A critical vulnerability, identified as CVE-2024-5247, has been discovered in the NETGEAR ProSAFE Network Management System (NMS), which potentially affects multiple installations of the system. The vulnerability allows remote attackers to execute arbitrary code on the affected installations, provided they have the necessary authentication.

Exploit Details

The flaw lies in the UpLoadServlet class, specifically in the improper validation of user-supplied data. Consequently, attackers can exploit this vulnerability to upload arbitrary files, which can then be executed in the context of SYSTEM. This vulnerability was previously known as ZDI-CAN-22923.

Code Snippet

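```java
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

@WebServlet(name="UpLoadServlet", urlPatterns={"/UpLoadServlet"})
public class UpLoadServlet extends HttpServlet
{
    protected void doPost(final HttpServletRequest request, final HttpServletResponse response) throws ServletException, IOException {
        final PrintWriter out = response.getWriter();
        try {
            final DiskFileItemFactory factory = new DiskFileItemFactory();
            final ServletFileUpload sfu = new ServletFileUpload((FileItemFactory)factory);
            final List<FileItem> items = (List<FileItem>)sfu.parseRequest(request);
            for (final FileItem item : items) {
                if (!item.isFormField()) {
                    // File name is taken directly from the multipart request.
                    final String fileName = item.getName();
                    // Only backslash-separated path components are stripped.
                    final String[] fileNames = fileName.split("\\\\");
                    final String newFileName = fileNames[fileNames.length - 1];
                    final File uploadDirectory = new File("C:\\xampp\\mysql\\bin\\javaweb");
                    if (!uploadDirectory.exists()) {
                        uploadDirectory.mkdirs();
                    }
                    // No extension, type, or content check before the write.
                    final File newFile = new File(uploadDirectory, newFileName);
                    item.write(newFile);
                }
            }
            out.write("upload success");
        }
        catch (Exception e) {
            e.printStackTrace();
            out.write("upload failed");
        }
    }
}
```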

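As the code snippet above shows, the UpLoadServlet class takes the file name from the request, strips only backslash-separated path components, and writes the file to disk without checking its extension, type, or content. User-supplied data that may be malicious is therefore stored without validation.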
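For contrast with the snippet above, the following added example shows the checks that handler omits: an extension allowlist, a server-generated file name, a containment check on the resolved path, and a size limit. It is not NETGEAR's code or the vendor's fix; the class name `SafeUploadStore`, the allowed extensions, and the size limit are assumptions chosen for illustration, and it uses only the JDK (Java 11+).

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

// Added example with hypothetical names; not NETGEAR's code. Requires Java 11+.
public final class SafeUploadStore {
    // Assumption: the feature only needs these types; adjust to the real use case.
    private static final Set<String> ALLOWED_EXT = Set.of("csv", "txt", "png");
    private static final int MAX_BYTES = 5 * 1024 * 1024; // assumed size limit
    private final Path root;

    public SafeUploadStore(Path root) throws IOException {
        // Assumption: root is outside any directory the server serves or executes from.
        this.root = Files.createDirectories(root).toRealPath();
    }
    // Returns the allowlisted extension of a client-supplied name, or throws.
    static String checkedExtension(String clientName) {
        if (clientName == null) throw new IllegalArgumentException("missing file name");
        // Drop directory parts for both separator styles, not only backslash.
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        String base = clientName.substring(cut + 1);
        int dot = base.lastIndexOf('.');
        String ext = dot < 0 ? "" : base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) throw new IllegalArgumentException("file type not allowed");
        return ext;
    }
    // Stores the body under a server-generated name and returns the final path.
    public Path store(String clientName, InputStream data) throws IOException {
        String ext = checkedExtension(clientName);
        // Only the checked extension reaches the file system, never the client name.
        Path target = root.resolve(UUID.randomUUID() + "." + ext).normalize();
        if (!target.startsWith(root)) throw new IOException("path escapes upload root");
        byte[] body = data.readNBytes(MAX_BYTES + 1); // read one byte past the limit
        if (body.length > MAX_BYTES) throw new IOException("upload too large");
        return Files.write(target, body);
    }
    public static void main(String[] args) throws IOException {
        SafeUploadStore s = new SafeUploadStore(Files.createTempDirectory("uploads"));
        byte[] csv = "a,b\n".getBytes(); // constructed sample input
        System.out.println("stored: " + s.store("report.csv", new ByteArrayInputStream(csv)));
        try { s.store("..\\..\\page.jsp", InputStream.nullInputStream()); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

In a servlet, `store` would be called with `item.getName()` and `item.getInputStream()` in place of `item.write(newFile)`.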

Original References

- ZDI Advisory - ZDI-18-001
- CVE-2024-5247 Details
- NETGEAR ProSAFE Network Management System Product Page

Recommendations

To protect against this vulnerability, users of the NETGEAR ProSAFE Network Management System are advised to implement the following measures:

Monitor the system for any signs of unauthorized access or malicious activity.

Remember that keeping your systems up-to-date and configuring proper access controls are effective strategies for ensuring their security.

In conclusion, CVE-2024-5247 is a critical security vulnerability that could potentially give remote attackers the ability to execute arbitrary code on affected NETGEAR ProSAFE NMS installations. By understanding the nature of the flaw, monitoring and securing affected systems, and applying necessary patches, users can defend against possible exploits and ensure the security of their networks.

Timeline

Published on: 05/23/2024 22:15:14 UTC
Last modified on: 05/24/2024 01:15:30 UTC