CVE-2019-25468

NetGain Systems · Enterprise Manager (EM) Plus

NetGain EM Plus 10.1.68 contains an unauthenticated remote code execution vulnerability in the script_test.jsp endpoint via the 'content' parameter.

Executive summary

An unauthenticated remote code execution vulnerability in NetGain EM Plus allows attackers to execute arbitrary system commands and gain full control over the monitoring server.

Vulnerability

This vulnerability resides in the script_test.jsp endpoint. An unauthenticated attacker can send a POST request with malicious shell commands embedded in the content parameter. The server executes these commands without validation and returns their output, which allows full system compromise.

Business impact

A breach of a monitoring platform like NetGain EM Plus is catastrophic, as these systems often have broad access to the entire IT infrastructure. The CVSS score is 9.8: the impact includes complete loss of confidentiality, integrity, and availability, and a compromised server can serve as a pivot point for lateral movement.

Remediation

Immediate Action: Update NetGain EM Plus to the latest patched version. If a patch is unavailable, block access from untrusted networks to the script_test.jsp file or to the entire web interface.

Proactive Monitoring: Review web server access logs for POST requests to script_test.jsp and monitor for unauthorized shell activity or unexpected outbound network connections.

Compensating Controls: Deploy a Web Application Firewall (WAF) to block requests containing shell command patterns (e.g., ;, &&, |) directed at JSP endpoints.
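
The log review described under Proactive Monitoring, as an added example (not NetGain's code and not part of the original advisory): it scans common/combined-format access log lines for requests whose path ends in script_test.jsp, normalizing URL encoding, case and path parameters, and groups hits by client address. The log format, the `/PLACEHOLDER/` path prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "script_test.jsp"  # endpoint named in the advisory


def hits_endpoint(target):
    """True if the last path segment is the endpoint once decoded and normalized."""
    try:
        path = urlsplit(target).path
    except ValueError:  # malformed target: match on the raw string instead
        path = target.split("?", 1)[0]
    last = unquote(path).lower().rsplit("/", 1)[-1]
    # Drop ";jsessionid=..." style path parameters before comparing.
    return last.split(";", 1)[0] == ENDPOINT


def triage(lines):
    """Return {client_ip: [finding, ...]}; POST is 'high', other methods 'review'."""
    findings = defaultdict(list)
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or not hits_endpoint(m["target"]):
            continue
        findings[m["ip"]].append({
            "line": lineno, "time": m["ts"], "method": m["method"],
            "status": int(m["status"]),
            "severity": "high" if m["method"] == "POST" else "review"})
    return dict(findings)


# Constructed sample lines; /PLACEHOLDER/ stands in for the real deployment path.
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2024:10:00:01 +0000] "GET /PLACEHOLDER/index.jsp HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2024:10:02:13 +0000] "POST /PLACEHOLDER/script_test.jsp HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Mar/2024:10:02:20 +0000] "POST /PLACEHOLDER/script%5Ftest.jsp HTTP/1.1" 200 98',
    '203.0.113.5 - - [01/Mar/2024:11:15:42 +0000] "GET /PLACEHOLDER/Script_Test.jsp;jsessionid=X?a=1 HTTP/1.1" 200 77',
    '192.0.2.10 - - [01/Mar/2024:11:20:00 +0000] "POST /PLACEHOLDER/login.jsp?next=script_test.jsp HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, items in triage(SAMPLE).items():
        print(ip, [(f["severity"], f["method"], f["time"]) for f in items])
```

Each flagged timestamp gives a window in which to check the host for the shell activity and outbound connections mentioned above.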

Exploitation status

Public Exploit Available: false

Analyst recommendation

The severity of unauthenticated RCE cannot be overstated. Organizations must prioritize the identification and patching of all NetGain EM Plus instances. Given the age of the CVE, immediate decommissioning of non-patchable versions is strongly advised.