CVE-2023-38096

CRITICAL

NETGEAR ProSafe Network Management System 300 Arbitrary File Upload

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-38096. Includes Metasploit module exploits/windows/http/netgear_nms_rce.

AI-analyzed exploit summary This Metasploit module exploits an authentication bypass and arbitrary file upload vulnerability in NETGEAR ProSafe NMS300 to achieve remote code execution as SYSTEM. It chains vulnerabilities in FileUploadController and MyHandlerInterceptor to upload a malicious JSP payload and execute it.

Description

NETGEAR ProSAFE Network Management System MyHandlerInterceptor Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of NETGEAR ProSAFE Network Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MyHandlerInterceptor class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-19718.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/netgear_nms_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits an authentication bypass and arbitrary file upload vulnerability in NETGEAR ProSafe NMS300 to achieve remote code execution as SYSTEM. It chains vulnerabilities in FileUploadController and MyHandlerInterceptor to upload a malicious JSP payload and execute it.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: NETGEAR ProSafe Network Management System 300 (versions 1.5.0.2, 1.4.0.17, 1.1.0.13, 1.7.0.12, 1.7.0.1)

No auth needed

Prerequisites: Network access to the target on port 8080 · Target running vulnerable NETGEAR ProSafe NMS300

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 24, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_research-advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-920/

Vendor Advisory vendor-advisory

https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025

Scores

CVSS v3 9.8

EPSS 0.7493

EPSS Percentile 98.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-287

Status published

Products (1)

netgear/prosafe_network_management_system < 1.7.0.20

Published May 03, 2024

Tracked Since Feb 18, 2026