How severe is CVE-2024-5245?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-5245?

This is classified as CWE-1392, which is a common weakness in software security.

CVE-2024-5245 - HIGH Severity | CVSS 7.8

Vulnerability Description

NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755.

Related Vulnerabilities

CVE-2025-22460

HIGH

CVSS:7.8(High)

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.

CWE-13922025

CVE-2023-43844

HIGH

CVSS:8.0(High)

Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log ...

CWE-13922023

CVE-2024-10476

HIGH

CVSS:8.0(High)

Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as pro...

CWE-13922024

CVE-2024-12013

HIGH

CVSS:7.6(High)

A CWE-1392 “Use of Default Credentials” was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credent...

CWE-13922024

CVE-2024-54015

HIGH

CVSS:7.5(High)

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.9...

CWE-13922024

CVE-2025-23012

HIGH

CVSS:7.5(High)

Fedora Repository 3.8.x includes a service account (fedoraIntCallUser) with default credentials and privileges to read read local files by manipulating datastreams. Fedora Repository 3.8.1 was release...

CWE-13922025