Cybersecurity firm Flashpoint reported that vulnerabilities in Netgear’s NMS300 ProSAFE network management system allow attackers to recover cleartext credentials and escalate privileges.
According to Flashpoint, when the ‘User management’ tab is viewed, the system sends two requests: one to generate the page and another to retrieve user data to populate the page.
An attacker with access to a low-privileged account who successfully exploits this vulnerability can obtain the administrator account's login information and use it to log into the web-based management interface, gaining access to all monitored devices.
Read more: Netgear Vulnerabilities Lead to Credentials Leak, Privilege Escalation