CVE-2023-44449

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated remote attackers to perform SQL injection through the clearAlertByIds function in NETGEAR ProSAFE Network Management System. Successful exploitation enables privilege escalation to access protected resources. Affected users are those running vulnerable versions of NETGEAR NMS300.

💻 Affected Systems

Products:
  • NETGEAR ProSAFE Network Management System 300 (NMS300)
Versions: Versions prior to 1.7.0.17
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Authentication required to exploit, but default configurations may be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains administrative privileges, potentially compromising the entire network management system and connected devices.

🟠

Likely Case

Authenticated attacker escalates privileges to access sensitive network configuration data and management functions.

🟢

If Mitigated

Attack fails due to proper input validation or network segmentation limiting access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized. Authentication requirement adds a barrier but doesn't prevent exploitation by authenticated attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.0.17

Vendor Advisory: https://kb.netgear.com/000065866/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2023-0114-PSV-2023-0115

Restart Required: Yes

Instructions:

1. Download NMS300 version 1.7.0.17 from the NETGEAR support site.
2. Back up the current configuration.
3. Install the update following the vendor instructions.
4. Restart the NMS300 service.

🔧 Temporary Workarounds

Network Segmentation (all)

Restrict access to the NMS300 management interface to trusted IP addresses only.

Input Validation Enhancement (all)

Implement application-level input validation for clearAlertByIds parameters.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the NMS300 management interface.
  • Monitor for unusual SQL queries or privilege escalation attempts in application logs.

🔍 How to Verify

Check if Vulnerable:

Check NMS300 version in web interface or via system information. Versions below 1.7.0.17 are vulnerable.

Check Version:

Check the web interface at http://<nms-ip>:8080 or consult the system documentation for the version-check procedure.

Verify Fix Applied:

Confirm version is 1.7.0.17 or higher in system information.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed authentication attempts followed by clearAlertByIds calls
  • Unexpected privilege changes in user accounts

Network Indicators:

  • SQL injection patterns in HTTP POST requests to clearAlertByIds endpoint
  • Unusual outbound connections from NMS300 system

SIEM Query:

source="nms300" AND (http_uri="*clearAlertByIds*" AND http_method="POST" AND (http_body="*' OR *" OR http_body="*;--*"))
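The SIEM query above can be reproduced offline against exported access logs. The following is an added example, not part of the original advisory: it applies the same conditions (POST, URI containing clearAlertByIds, body containing `' OR ` or `;--`) to constructed sample log lines in an assumed `<ip> <method> <uri> <status> body=<raw-body>` layout, and URL-decodes the body first so that percent- or plus-encoded payloads are not missed by a plain substring match.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines (assumed format, not from the advisory):
# "<client-ip> <method> <uri> <status> body=<raw-body>"
SAMPLE_LOG = """\
10.0.0.5 POST /clearAlertByIds 200 body=ids=12,13
10.0.0.9 POST /clearAlertByIds 200 body=ids=12'+OR+'1'%3D'1
10.0.0.9 POST /clearAlertByIds 500 body=ids=1;--
10.0.0.7 GET /alertList 200 body=
10.0.0.5 POST /login 200 body=user=admin
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<status>\d+) body=(?P<body>.*)$"
)

# The two body patterns from the SIEM query; matched case-insensitively
# because the raw query's wildcards are not case-sensitive in most SIEMs.
SQLI_RE = re.compile(r"(' or |;--)", re.IGNORECASE)


def is_suspicious(method: str, uri: str, body: str) -> bool:
    """Mirror the SIEM query: POST to clearAlertByIds with an SQLi marker."""
    # Decode %27 / + encodings so an encoded payload still trips the rule.
    decoded = unquote_plus(body)
    return method == "POST" and "clearAlertByIds" in uri and bool(SQLI_RE.search(decoded))


def scan_log(text: str) -> list:
    """Return (client_ip, decoded_body) for every matching log line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        if is_suspicious(m["method"], m["uri"], m["body"]):
            hits.append((m["ip"], unquote_plus(m["body"])))
    return hits


if __name__ == "__main__":
    for ip, body in scan_log(SAMPLE_LOG):
        print(f"suspicious clearAlertByIds request from {ip}: {body}")
```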
