NETGEAR ProSAFE Network Management System (NMS300) Multiple Vulnerabilities | allinfosecnews.com

Nov. 28, 2023, 3:23 p.m. | Nick Miles

Tenable Research Advisories www.tenable.com

NETGEAR ProSAFE Network Management System (NMS300) Multiple Vulnerabilities

Tenable has found multiple vulnerabilities in NETGER ProSAFE Network Management System (NMS300) v1.7.0.26.

Java Debug Wire Protocol (JDWP) RCE (CVE-2023-49693)

NSM300 has JDWP enabled on port 11611 and it's remotely accessible:

PS C:\Program Files\NMS300> Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0\NMS300_Server\Parameters\Java\' -Name Options
-Dcatalina.base=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33
-Dcatalina.home=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33
-Djava.endorsed.dirs=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33\endorsed
-Xdebug
-Xrunjdwp:transport=dt_socket,address=11611,server=y,suspend=n
-Djava.io.tmpdir=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33\temp
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33\conf\logging.properties

A metasploit module (exploit/multi/misc/java_jdwp_debugger) exists to exploit the JDWP RCE.

In addition, an unauthenticated remote attacker can …

apache apache software foundation base cve debug files found foundation home java management name netgear network network management options path port program protocol rce software system tenable tomcat vulnerabilities wire

More from www.tenable.com / Tenable Research Advisories

Fluent Bit Memory Corruption Vulnerability 2 weeks, 1 day ago | www.tenable.com

corruption memory memory corruption vulnerability

Cross-Site Scripting in WordPress RSS Aggregator Plugin 2 weeks, 4 days ago | www.tenable.com

cross-site plugin rss scripting +1

Solidus Stored Cross-Site Scripting 2 weeks, 4 days ago | www.tenable.com

cross-site inject javascript malicious +8

CyberPower PowerPanel Enterprise Power Device Network Utility Multiple Vulnerabilities 3 weeks, 2 days ago | www.tenable.com

access account action admin +42

Delta Electronics DIAEnergie CEBC.exe Multiple Vulnerabilities 3 weeks, 5 days ago | www.tenable.com

cve cve-2024 cvss delta +11

Approach.App Multiple Vulnerabilities 1 month, 1 week ago | www.tenable.com

app application exploitation management +9

Karros Technologies Authentication Bypass 1 month, 1 week ago | www.tenable.com

authentication authentication bypass bypass technologies

Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 month, 2 weeks ago | www.tenable.com

avalanche big buffer buffer overflow +12

Path Traversal Affecting Multiple CData Products 1 month, 3 weeks ago | www.tenable.com

application attachment cookie date +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com