ID CVE-2016-1524
Summary Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>
References
Vulnerable Configurations
  • cpe:2.3:a:netgear:prosafe_network_management_software_300:1.5.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:netgear:prosafe_network_management_software_300:1.5.0.11:*:*:*:*:*:*:*
CVSS
Base: 8.3 (as of 09-10-2018 - 19:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
ADJACENT_NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:A/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bugtraq 20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
cert-vn VU#777024
exploit-db 39412
fulldisc 20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
misc http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html
Last major update 09-10-2018 - 19:59
Published 13-02-2016 - 02:59
Back to Top