ID CVE-2016-1524
Summary Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
References
Vulnerable Configurations
  • NETGEAR ProSAFE Network Management Software 300 1.5.0.11
    cpe:2.3:a:netgear:prosafe_network_management_software_300:1.5.0.11
CVSS
Base: 8.3 (as of 07-03-2016 - 13:52)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
ADJACENT_NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description NETGEAR ProSafe Network Management System NMS300 - Multiple Vulnerabilities. CVE-2016-1524,CVE-2016-1525. Webapps exploit for hardware platform
file exploits/hardware/webapps/39412.txt
id EDB-ID:39412
last seen 2016-02-05
modified 2016-02-04
platform hardware
port
published 2016-02-04
reporter Pedro Ribeiro
source https://www.exploit-db.com/download/39412/
title NETGEAR ProSafe Network Management System NMS300 - Multiple Vulnerabilities
type webapps
metasploit via4
description Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file download vulnerability that can be exploited by an authenticated remote attacker to download any file in the system. This module has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13.
id MSF:AUXILIARY/ADMIN/HTTP/NETGEAR_AUTH_DOWNLOAD
last seen 2019-03-28
modified 2018-09-15
published 2016-02-03
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/netgear_auth_download.rb
title NETGEAR ProSafe Network Management System 300 Authenticated File Download
packetstorm via4
data source https://packetstormsecurity.com/files/download/135618/netgear_nms_rce.txt
id PACKETSTORM:135618
last seen 2016-12-05
published 2016-02-07
reporter Pedro Ribeiro
source https://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html
title Netgear Pro NMS 300 Code Execution / File Download
refmap via4
bugtraq 20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
cert-vn VU#777024
exploit-db 39412
fulldisc 20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
misc http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html
the hacker news via4
id THN:E0863B17DEEAD331430C9E081425147F
last seen 2018-01-27
modified 2016-02-05
published 2016-02-05
reporter Rakesh Krishnan
source https://thehackernews.com/2016/02/network-management-system.html
title Critical Flaws Found in NETGEAR Network Management System
Last major update 05-12-2016 - 22:07
Published 12-02-2016 - 21:59
Last modified 09-10-2018 - 15:59
Back to Top