all InfoSec news
NETGEAR ProSAFE Network Management System (NMS300) Multiple Vulnerabilities
Tenable Research Advisories www.tenable.com
Tenable has found multiple vulnerabilities in NETGER ProSAFE Network Management System (NMS300) v1.7.0.26.
Java Debug Wire Protocol (JDWP) RCE (CVE-2023-49693)
NSM300 has JDWP enabled on port 11611 and it's remotely accessible:
PS C:\Program Files\NMS300> Get-ItemPropertyValue -Path 'HKLM:\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0\NMS300_Server\Parameters\Java\' -Name Options
-Dcatalina.base=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33
-Dcatalina.home=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33
-Djava.endorsed.dirs=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33\endorsed
-Xdebug
-Xrunjdwp:transport=dt_socket,address=11611,server=y,suspend=n
-Djava.io.tmpdir=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33\temp
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=C:\Program Files\NMS300\NMS300\apache-tomcat-6.0.33\conf\logging.properties
A metasploit module (exploit/multi/misc/java_jdwp_debugger) exists to exploit the JDWP RCE.
In addition, an unauthenticated remote attacker can …
apache apache software foundation base cve debug files found foundation home java management name netgear network network management options path port program protocol rce software system tenable tomcat vulnerabilities wire