CVE-2023-50231

9.6 CRITICAL

📋 TL;DR

This is a stored cross-site scripting (XSS) vulnerability in NETGEAR ProSAFE Network Management System that allows remote attackers to inject malicious scripts via the saveNodeLabel method. When exploited, it enables privilege escalation to access protected resources. Affected users are those running vulnerable versions of NETGEAR NMS300.

💻 Affected Systems

Products:
  • NETGEAR ProSAFE Network Management System 300 (NMS300)
Versions: Prior to 1.7.0.15
Operating Systems: All platforms running NMS300
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the vulnerable version are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative privileges, take full control of the NMS system, compromise managed network devices, and potentially pivot to internal networks.

🟠 Likely Case

Attackers escalate privileges to access sensitive network management functions, modify device configurations, and potentially steal credentials.

🟢 If Mitigated

With proper input validation and output encoding, the script injection is prevented, maintaining normal user privilege boundaries.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access but minimal user interaction. The vulnerability is well-documented in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.0.15

Vendor Advisory: https://kb.netgear.com/000065901/Security-Advisory-for-Stored-Cross-Site-Scripting-on-the-NMS300-PSV-2023-0106

Restart Required: Yes

Instructions:

1. Download NMS300 version 1.7.0.15 from the NETGEAR support site.
2. Back up the current configuration.
3. Install the update following NETGEAR's upgrade guide.
4. Restart the NMS service or server.

🔧 Temporary Workarounds

Input Validation Filter (all)

Implement server-side input validation to sanitize node label inputs before processing.

Web Application Firewall (all)

Deploy a WAF with XSS protection rules to block malicious script injection attempts.

🧯 If You Can't Patch

  • Isolate NMS300 system from internet and restrict access to trusted networks only.
  • Implement strict access controls and monitor for unusual administrative activity.

🔍 How to Verify

Check if Vulnerable:

Check NMS300 version in web interface under Help > About or system settings.

Check Version:

Not applicable - check via web interface

Verify Fix Applied:

Verify version is 1.7.0.15 or later and test saveNodeLabel functionality with script-like input.

📡 Detection & Monitoring

Log Indicators:

  • Unusual saveNodeLabel requests with script tags
  • Multiple privilege escalation attempts
  • Administrative actions from non-admin users

Network Indicators:

  • HTTP POST requests to saveNodeLabel endpoint containing script elements
  • Unexpected administrative traffic patterns

SIEM Query:

source="nms300" AND (uri_path="/saveNodeLabel" AND (content="<script>" OR content="javascript:"))
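The SIEM query above matches only the literal strings `<script>` and `javascript:`. The following added example (not NETGEAR's code and not part of the original advisory) applies the same check to log lines after undoing percent-encoding and HTML entities, matching case-insensitively. The log line layout and the `nodeId`/`label` parameter names are assumptions constructed for illustration; only the `/saveNodeLabel` path comes from the query above.

```python
import html
import re
from urllib.parse import unquote_plus

# Assumed log layout (constructed for this example, not NMS300's real format):
#   <timestamp> <client_ip> <user> <method> <path> body=<raw request body>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) body=(?P<body>.*)$"
)
# Script-like markers: the two from the SIEM query plus tag and handler variants.
MARKUP_RE = re.compile(
    r"<\s*/?\s*(script|iframe|svg|img|object|embed)\b"
    r"|javascript\s*:"
    r"|\bon[a-z]{3,}\s*=",
    re.IGNORECASE,
)

def normalize(value, max_rounds=3):
    """Undo nested percent-encoding and HTML entities before matching."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_label_writes(lines):
    """Return (timestamp, ip, user, decoded_body) for flagged saveNodeLabel POSTs."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        if not m["path"].split("?", 1)[0].endswith("/saveNodeLabel"):
            continue
        body = normalize(m["body"])
        if MARKUP_RE.search(body):
            hits.append((m["ts"], m["ip"], m["user"], body))
    return hits

SAMPLE_LOG = [  # constructed sample lines; parameter names are hypothetical
    "2024-01-10T09:00:01Z 10.0.0.5 alice POST /saveNodeLabel body=nodeId=12&label=Core+Switch+A",
    "2024-01-10T09:02:44Z 10.0.0.9 bob POST /saveNodeLabel body=nodeId=7&label=%3CScRiPt%3Ex%3C%2Fscript%3E",
    "2024-01-10T09:03:10Z 10.0.0.9 bob POST /saveNodeLabel body=nodeId=7&label=%253Cimg+src%253Dx+onerror%253Dx%253E",
    "2024-01-10T09:04:00Z 10.0.0.5 alice GET /nodeList body=",
    "2024-01-10T09:05:30Z 10.0.0.5 alice POST /saveNodeLabel body=nodeId=3&label=Floor+2+%26+Lab",
]
```

Calling `suspicious_label_writes(SAMPLE_LOG)` flags the two encoded requests from `bob` and leaves the ordinary labels alone, including the one containing an ampersand.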
