NETGEAR ProSAFE Network Management System (NMS300) Multiple Vulnerabilities | allinfosecnews.com

Nov. 28, 2023, 3:23 p.m. | Nick Miles

Tenable Research Advisories www.tenable.com

NETGEAR ProSAFE Network Management System (NMS300) Multiple Vulnerabilities

Tenable has found multiple vulnerabilities in NETGER ProSAFE Network Management System (NMS300) v1.7.0.26.

Java Debug Wire Protocol (JDWP) RCE (CVE-2023-49693)

NSM300 has JDWP enabled on port 11611 and it's remotely accessible:

PS C:\Program Files\NMS300> Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0\NMS300_Server\Parameters\Java\' -Name Options
-Dcatalina.base=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33
-Dcatalina.home=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33
-Djava.endorsed.dirs=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33\endorsed
-Xdebug
-Xrunjdwp:transport=dt_socket,address=11611,server=y,suspend=n
-Djava.io.tmpdir=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33\temp
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33\conf\logging.properties

A metasploit module (exploit/multi/misc/java_jdwp_debugger) exists to exploit the JDWP RCE.

In addition, an unauthenticated remote attacker can …

apache apache software foundation base cve debug files found foundation home java management name netgear network network management options path port program protocol rce software system tenable tomcat vulnerabilities wire

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 6 days ago | www.tenable.com

app application exploitation management +9

Karros Technologies Authentication Bypass 1 week, 6 days ago | www.tenable.com

authentication authentication bypass bypass technologies

Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 2 weeks, 1 day ago | www.tenable.com

avalanche big buffer buffer overflow +12

Path Traversal Affecting Multiple CData Products 3 weeks, 6 days ago | www.tenable.com

application attachment cookie date +14

LG LED Assistant v2.1.65 Multiple Vulnerabilities 1 month ago | www.tenable.com

assistant led vulnerabilities

Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com

arcserve data data protection protection +1

Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com

analytics azure azure synapse caching +8

Showdownjs Denial of Service 2 months ago | www.tenable.com

can command concept conditions +17

Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com

accesstoken admin adobe authentication +9

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India

View on infosec-jobs.com

Cyber Program Manager - CISO- United States – Remote

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700

View on infosec-jobs.com

Network Security Engineer (AEGIS)

@ Peraton | Virginia Beach, VA, United States

View on infosec-jobs.com

SC2022-002065 Cyber Security Incident Responder (NS) - MON 13 May

@ EMW, Inc. | Mons, Wallonia, Belgium

View on infosec-jobs.com

Information Systems Security Engineer

@ Booz Allen Hamilton | USA, GA, Warner Robins (300 Park Pl Dr)

View on infosec-jobs.com