Published: 13/02/2016 Updated: 09/10/2018

CVSS v2 Base Score: 8.3 | Impact Score: 10 | Exploitability Score: 6.5

CVSS v3 Base Score: 9.6 | Impact Score: 6 | Exploitability Score: 2.8

VMScore: 835

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and previous versions allow remote malicious users to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
netgear prosafe network management software 300

>> Remote code execution / arbitrary file download in NETGEAR ProSafe Network Management System NMS300 >> Discovered by Pedro Ribeiro (pedrib@gmailcom), Agile Information Security (wwwagileinfoseccouk/) ========================================================================== Disclosure: 04/02/2016 / Last updated: 04/02/2016 ...

Netgear Pro NMS 300 suffers from code execution and arbitrary file download vulnerabilities ...

No patches for code exec holes in Netgear management box

The Register • Team Register • 07 Feb 2016

Metasploit modules unleashed.

Two dangerous un-patched remote code execution vulnerabilities that allow access to God-mode system privileges have been reported in Netgear's ProSafe Network Management 300 management software. The file upload vulnerability (CVE-2016-1524) and restricted directory traversal (CVE-2016-1525) allow unauthenticated attackers to upload arbitrary files to the server's root web directory and access any file on servers. Carnegie Mellon University CERT analyst Joel Land says there is no known fix and re...

CVE-2016-1524

Vulnerability Summary

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect