Vulnerability Description
NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netgear | Prosafe Network Management System | < 1.7.0.31 |
Related Weaknesses (CWE)
References
- https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-ScriptiVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-1847/Third Party Advisory
- https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-ScriptiVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-23-1847/Third Party Advisory
FAQ
What is CVE-2023-50231?
CVE-2023-50231 is a vulnerability with a CVSS score of 9.6 (CRITICAL). NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installat...
How severe is CVE-2023-50231?
CVE-2023-50231 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-50231?
Check the references section above for vendor advisories and patch information. Affected products include: Netgear Prosafe Network Management System.