CVE-2023-38098

HIGH

NETGEAR ProSAFE Network Management System < 1.7.0.20 - Remote Code Execution via UpLoadServlet Unrestricted File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-38098. Includes Metasploit module exploits/windows/http/netgear_nms_rce.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in NETGEAR ProSafe NMS300, allowing unauthenticated remote code execution as SYSTEM. It chains authentication bypass and file upload flaws to deploy a JSP payload, which executes a Meterpreter session.

Description

NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.

Exploits (1)

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/netgear_nms_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in NETGEAR ProSafe NMS300, allowing unauthenticated remote code execution as SYSTEM. It chains authentication bypass and file upload flaws to deploy a JSP payload, which executes a Meterpreter session.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: NETGEAR ProSafe Network Management System 300 (versions 1.5.0.2, 1.4.0.17, 1.1.0.13, 1.7.0.12, 1.7.0.1)

No auth needed

Prerequisites: Network access to the target's web interface (port 8080 by default) · Vulnerable version of NETGEAR ProSafe NMS300

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory x_research-advisory

https://www.zerodayinitiative.com/advisories/ZDI-23-918/

Vendor Advisory vendor-advisory

https://kb.netgear.com/000065707/Security-Advisory-for-Multiple-Vulnerabilities-on-the-ProSAFE-Network-Management-System-PSV-2023-0024-PSV-2023-0025

Scores

CVSS v3 8.8

EPSS 0.0979

EPSS Percentile 94.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

netgear/prosafe_network_management_system < 1.7.0.20

Published May 03, 2024

Tracked Since Feb 18, 2026