漏洞描述
Netgear ProSafe 防火墙是美国网件公司旗下一款 ProSafe 无线路由 VPN 防火墙。Netgear ProSafe 防火墙固件版本 4.3.5-3 及之前存在SQL注入漏洞。攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。
Netgear ProSafe 防火墙 SQL 注入漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-26919: NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution
- POC CVE-2021-20167: Netgear RAX43 1.0.3.96 - Command Injection/Authentication Bypass Buffer Overrun
- POC CVE-2022-29383: NETGEAR ProSafe SSL VPN firmware - SQL Injection
- POC CVE-2024-30568: Netgear R6850 V1.1.0.88 - Command Injection
- POC CVE-2024-30569: Netgear R6850 - Information Disclosure
- POC CVE-2024-30570: Netgear R6850 - Information Disclosure
- POC CVE-2024-57046: Netgear DGN2200 - Improper Authentication
- POC CVE-2024-6646: Netgear-WN604 downloadFile.php - Information Disclosure
- POC netgear-boarddataww-rce: Netgear Devices boardDataWW.php - Remote Command Execution
- POC dlink-netgear-xss: Dlink DSR-250 and Netgear Prosafe - Cross-Site Scripting
- POC netgear-dgn-rce: Netgear DGN Devices - Command Execution
- POC netgear-wnr614-auth-bypass: Netgear WNR614 - Improper Authentication
- Netgear 路由器多版本管理后台 downloadFile.php 信息泄露漏洞(CVE-2024-6646)