Vulnerabilities > CVE-2016-1524 - Unspecified vulnerability in Netgear Prosafe Network Management Software 300 1.5.0.11
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | NETGEAR ProSafe Network Management System NMS300 - Multiple Vulnerabilities. CVE-2016-1524,CVE-2016-1525. Webapps exploit for hardware platform |
file | exploits/hardware/webapps/39412.txt |
id | EDB-ID:39412 |
last seen | 2016-02-05 |
modified | 2016-02-04 |
platform | hardware |
port | |
published | 2016-02-04 |
reporter | Pedro Ribeiro |
source | https://www.exploit-db.com/download/39412/ |
title | NETGEAR ProSafe Network Management System NMS300 - Multiple Vulnerabilities |
type | webapps |
Metasploit
description | Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file download vulnerability that can be exploited by an authenticated remote attacker to download any file in the system. This module has been tested with versions 1.5.0.2, 1.4.0.17 and 1.1.0.13. |
id | MSF:AUXILIARY/ADMIN/HTTP/NETGEAR_AUTH_DOWNLOAD |
last seen | 2020-05-31 |
modified | 2018-09-15 |
published | 2016-02-03 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/http/netgear_auth_download.rb |
title | NETGEAR ProSafe Network Management System 300 Authenticated File Download |
Packetstorm
data source | https://packetstormsecurity.com/files/download/135618/netgear_nms_rce.txt |
id | PACKETSTORM:135618 |
last seen | 2016-12-05 |
published | 2016-02-07 |
reporter | Pedro Ribeiro |
source | https://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html |
title | Netgear Pro NMS 300 Code Execution / File Download |
The Hacker News
id | THN:E0863B17DEEAD331430C9E081425147F |
last seen | 2018-01-27 |
modified | 2016-02-05 |
published | 2016-02-05 |
reporter | Rakesh Krishnan |
source | https://thehackernews.com/2016/02/network-management-system.html |
title | Critical Flaws Found in NETGEAR Network Management System |
References
- http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html
- http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html
- http://seclists.org/fulldisclosure/2016/Feb/30
- http://seclists.org/fulldisclosure/2016/Feb/30
- http://www.kb.cert.org/vuls/id/777024
- http://www.kb.cert.org/vuls/id/777024
- http://www.securityfocus.com/archive/1/537446/100/0/threaded
- http://www.securityfocus.com/archive/1/537446/100/0/threaded
- https://www.exploit-db.com/exploits/39412/
- https://www.exploit-db.com/exploits/39412/