CVE-2016-1524 - Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and e

CVE-2016-1524

Summary

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI. <a href="http://cwe.mitre.org/data/definitions/434.html">CWE-434: Unrestricted Upload of File with Dangerous Type</a>

References

Vulnerable Configurations

cpe:2.3:a:netgear:prosafe_network_management_software_300:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:netgear:prosafe_network_management_software_300:1.5.0.11:*:*:*:*:*:*:*

CVSS

Base:	8.3 (as of 09-10-2018 - 19:59)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
ADJACENT_NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:A/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
cert-vn	VU#777024
exploit-db	39412
fulldisc	20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300
misc	http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html

Last major update

09-10-2018 - 19:59

Published

13-02-2016 - 02:59

Last modified

09-10-2018 - 19:59