Vulnerability Note VU#777024
Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities
Netgear Management System NMS300, version 220.127.116.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary files.
Netgear Management System NMS300 is a configuration, monitoring, and diagnostics utility for managing SNMP networked devices via a web interface.
CWE-434: Unrestricted Upload of File with Dangerous Type - CVE-2016-1524
An unauthenticated attacker on the network can upload arbitrary files to the server's root web directory, leading to data creation and arbitrary code execution with SYSTEM privileges. An authenticated attacker on the network can access any file on the server host.
The CERT/CC is currently unaware of a practical solution to this problem and recommends the following workaround.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Netgear, Inc.||Affected||04 Dec 2015||25 Jan 2016|
CVSS Metrics (Learn More)
Thanks to Pedro Ribeiro (firstname.lastname@example.org) of Agile Information Security for reporting this vulnerability.
This document was written by Joel Land.
- CVE IDs: CVE-2016-1524 CVE-2016-1525
- Date Public: 03 Feb 2016
- Date First Published: 03 Feb 2016
- Date Last Updated: 04 Feb 2016
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.