CVE-2023-49693 CRITICAL

CVE-2023-49693: NETGEAR ProSAFE Network Management System RCE via Unprotected Access to Java Debug Wire Protocol

Vendor Netgear
Product NETGEAR ProSAFE Network Management System
Weakness CWE-306 · Missing auth
Published November 29, 2023
Last update August 2, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

NETGEAR ProSAFE Network Management System exposes a Java Debug Wire Protocol (JDWP) listener on port 11611 that is remotely accessible to unauthenticated users, allowing attackers to execute arbitrary code.

Key dates

Disclosure timeline

November 29, 2023 CVE published
August 2, 2024 Record updated