漏洞标题
NETGEAR ProSAFE网络管理系统createUser缺少授权权限提升漏洞
漏洞描述信息
NETGEAR ProSAFE网络管理系统createUser缺少授权权限提升漏洞。此漏洞允许远程攻击者在受影响的NETGEAR ProSAFE网络管理系统安装中提升权限。虽然利用此漏洞需要身份验证,但现有身份验证机制可以被绕过。
特定的漏洞存在于createUser函数中。问题在于在允许访问功能之前缺乏授权。攻击者可以利用此漏洞将权限提升到通常受用户保护的资源。这是ZDI-CAN-19726。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
授权机制缺失
漏洞标题
NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability
漏洞描述信息
NETGEAR ProSAFE Network Management System createUser Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the createUser function. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-19726.
CVSS信息
N/A
漏洞类别
授权机制缺失
漏洞标题
NETGEAR ProSAFE 安全漏洞
漏洞描述信息
NETGEAR ProSAFE是美国网件(NETGEAR)公司的一个网络管理系统。 NETGEAR ProSAFE存在安全漏洞,该漏洞源于createUser函数存在权限提升漏洞。
CVSS信息
N/A
漏洞类别
其他